Description |
This article describes how to configure split and non-split SSL VPN portals at the same time using realms. This will allow users to choose to connect to a split or non-split tunnel. |
Scope | FortiGate. |
Solution |
In this example, the default realm is used for the split tunnel, and it is necessary to create a new realm named 'non-split' for non-split tunnel.
Under VPN -> SSL-VPN Settings -> Authentication/Portal Mapping, map Users/Groups to the corresponding Realms and Portals.
Note: It is not possible to map the same group to different realms. If the same group needs to be used, it is possible to clone that group and give it a different name. In this example, ‘Guest-group’ is used for the split tunnel, and ‘Guest-group-non-split’ is used for non-split. ‘Guest-group-non-split’ was cloned from ‘Guest-group’. It is also possible to map different groups to different realms and portals.:
After that, users will be able to choose which VPN connection to connect (split or non-split). |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.