Description | This article describes how to configure SSL VPNs with VRFs in order to achieve traffic segmentation. |
Scope | FortiGate 6.4.10, 7.0.6 & 7.2.0. |
Solution |
For the SSL-VPN to be fully operational within a VRF-based topology, all the interfaces involved must be configured with the same VRF ID.
In most common topologies there are three interfaces involved:
A) The interface which the SSL VPN is bound to.
B) The SSL-VPN interface itself.
C) The egress interface.
For example, in the below topology, SSL-VPN is bound to port1 and the egress interface for remote users to reach local resources is port3. The configuration should look like:
1) SSL-VPN:
# config vpn ssl settings
    set source-interface "port1"
end
2) Firewall policy:
# config firewall policy
3) System interfaces:
# config system interface
    set vrf 10
end |
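The same-VRF requirement above can be checked against a configuration backup. This is an added example, not part of the Fortinet article: it lists the VRF ID of the SSL-VPN listening interface, the tunnel interface, and every egress interface of policies sourced from the tunnel. The sample configuration is constructed, and the tunnel interface name `ssl.root` and the default of VRF 0 for interfaces with no `set vrf` line are assumptions.

```python
import re

# Constructed sample backup (not from the article); port3 has no "set vrf" line.
SAMPLE = '''
config system interface
    edit "port1"
        set vrf 10
    next
    edit "ssl.root"
        set vrf 10
    next
    edit "port3"
    next
end
config vpn ssl settings
    set source-interface "port1"
end
config firewall policy
    edit 1
        set srcintf "ssl.root"
        set dstintf "port3"
    next
end
'''
ENTRY = re.compile(r'edit "?([^"\n]+)"?\n(.*?)^\s*next$', re.S | re.M)

def section(cfg, name):
    """Body of a top-level 'config <name>' block, or '' if absent."""
    m = re.search(rf'^config {re.escape(name)}\n(.*?)^end$', cfg, re.S | re.M)
    return m.group(1) if m else ''

def names(text, key):
    """Quoted values from every 'set <key> ...' line in text."""
    return [v for l in re.findall(rf'set {key} (.*)', text) for v in re.findall(r'"([^"]+)"', l)]

def ssl_vpn_vrfs(cfg, tunnel="ssl.root"):
    """VRF ID (assumed 0 if unset) of each interface on the SSL-VPN path."""
    vrf = {}
    for name, body in ENTRY.findall(section(cfg, "system interface")):
        m = re.search(r'set vrf (\d+)', body)
        vrf[name] = int(m.group(1)) if m else 0
    path = set(names(section(cfg, "vpn ssl settings"), "source-interface")) | {tunnel}
    for _, body in ENTRY.findall(section(cfg, "firewall policy")):
        if tunnel in names(body, "srcintf"):  # policy carries SSL-VPN user traffic
            path |= set(names(body, "dstintf"))
    return {i: vrf.get(i, 0) for i in sorted(path)}

def vrf_consistent(cfg):
    return len(set(ssl_vpn_vrfs(cfg).values())) == 1
```

On the constructed sample, `port3` is reported in VRF 0 while `port1` and `ssl.root` are in VRF 10, so the check fails until the egress interface is moved into VRF 10.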