Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
acp
Staff
Staff

Created on ‎05-01-2020 01:14 AM

Article Id 195190

Technical Tip: How to configure specific SSL VPN address pool to SSL VPN Users/Usergroup

Description
This article describes how to create different SSL VPN IP POOL address and assign to Specific Users/User Group.

Solution
Network Diagram.

User1 needs to assign SSL VPN IP POOL OF 10.1.0.0/16.
User2 needs to assign SSL VPN IP POOL OF 10.2.0.0/16.




1) Users and user groups configuration.



2) Create address group.





3) Create 2 SSL VPN profiles.





Inside SSL VPN  Profile -1.
Source IP POOL of SSVPN_TUNNEL_ADDR1 Group.
Add routing address if specific routing table is injected to FortiClient.




Inside SSL VPN profile - 2.





4) Go to VPN -> SSL -> Settings.

- Select the listen external interface (port1 in this case), listen port (10443).




5) Create policy.

Configure policy to active SSLVPN and allow access.

NOTE:
Specific usergroup has to be set on both kind of policy.

- Go to Policy & Objects-> Policy -> IPv4.




Result.

1) User1.





Route print at client Windows machine.




2) User2.


Route print.






Labels:
38913
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.