FortiGate
ekrishnan
Staff
Article Id 308352
Description This article explains how to configure SSL VPN in a multiple-ISP scenario and how to assign users a different IP pool depending on which ISP they use to establish the SSL VPN connection.
Scope FortiGate, SSL VPN.
Solution

In this example, two ISPs are used to describe the configuration:


Setup:


User1 -> SSL VPN -> Via ISP1

Same User1 -> SSL VPN -> Via ISP2.


  • When the user connects to ISP1 for SSL VPN, the assigned IP address comes from the range 192.168.10.10 - 192.168.10.250.
  • When the user connects to ISP2 for SSL VPN, the assigned IP address comes from the range 192.168.20.10 - 192.168.20.250.


Step-by-step process:


  1. Create two SSL VPN portals.

    For example: an Access-A portal and an Access-B portal (each can be a full-access or tunnel-access portal).

  2. In each portal, set the Source IP Pool to the address object created for that ISP's range (for example, ISP1SSL and ISP2SSL).

    For example: the Access-A portal uses the ISP1SSL source IP pool and the Access-B portal uses the ISP2SSL source IP pool.

  3. In the SSL VPN settings, configure the authentication rules.

    Specify the same set of users for both SSL VPN portals, with one rule per ISP-facing interface.

    User or user group -> assigned to the Access-A portal (via the ISP1 interface) and to the Access-B portal (via the ISP2 interface).

    The corresponding CLI under the SSL VPN settings:

config vpn ssl settings
    set servercert "Fortinet_Factory"
    set tunnel-ip-pools "SSLVPN_TUNNEL_ADDR1"
    set tunnel-ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
    set source-interface "port1" "port3"    <- Both ISP-facing interfaces are listed here.
    set source-address "all"
    set source-address6 "all"
    set default-portal "full-access"
    config authentication-rule
        edit 1    <- Access-A portal rule.
            set source-interface "port1"    <- ISP1.
            set source-address "all"    <- Define ALL here.
            set users "test" "hello"    <- User names or user groups can be used.
            set portal "Access-A"
        next
        edit 2    <- Access-B portal rule.
            set source-interface "port3"    <- Secondary ISP (ISP2).
            set source-address "all"    <- Define ALL here.
            set users "test" "hello"
            set portal "Access-B"
        next
    end
end


The relevant firewall policies, that is, the SSL VPN policies, must also be configured.

Once this is done, users who connect to the ISP1 gateway are assigned an address from the ISP1SSL IP pool, and users who connect to the ISP2 gateway are assigned an address from the ISP2SSL IP pool.
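To confirm that the two rules above really give each ISP its own pool, the following added example (not part of the article or of FortiOS) parses a FortiOS-style CLI dump, resolves interface -> pool through rule -> portal -> address object, and flags a rule whose interface is missing from the global source-interface list or two pools that overlap. The portal and address-object blocks in the sample are constructed to match the article's values; the article itself does not print them.

```python
import ipaddress
import shlex

# Constructed sample in FortiOS CLI syntax (portal/address blocks assumed, not from the article).
SAMPLE_CONFIG = "\n".join([
    "config firewall address",
    ' edit "ISP1SSL"', "  set start-ip 192.168.10.10", "  set end-ip 192.168.10.250", " next",
    ' edit "ISP2SSL"', "  set start-ip 192.168.20.10", "  set end-ip 192.168.20.250", " next",
    "end", "config vpn ssl web portal",
    ' edit "Access-A"', '  set ip-pools "ISP1SSL"', " next",
    ' edit "Access-B"', '  set ip-pools "ISP2SSL"', " next",
    "end", "config vpn ssl settings", ' set source-interface "port1" "port3"',
    " config authentication-rule",
    "  edit 1", '   set source-interface "port1"', '   set portal "Access-A"', "  next",
    "  edit 2", '   set source-interface "port3"', '   set portal "Access-B"', "  next",
    " end", "end",
])

def parse_fortios(text):
    """Parse FortiOS CLI into nested dicts: config/edit name -> {key: [values]}."""
    root, stack = {}, []
    for tok in filter(None, map(shlex.split, text.splitlines())):
        cur = stack[-1] if stack else root
        if tok[0] in ("config", "edit"):
            stack.append(cur.setdefault(" ".join(tok[1:]), {}))
        elif tok[0] == "set":
            cur[tok[1]] = tok[2:]
        elif tok[0] in ("next", "end"):
            stack.pop()
    return root

def pool_map(cfg):
    """Interface -> (start, end) of the IPv4 pool users get on that ISP; rules are tried in ID order."""
    addr, portals, st = cfg["firewall address"], cfg["vpn ssl web portal"], cfg["vpn ssl settings"]
    allowed, result = set(st["source-interface"]), {}
    for rule_id, rule in sorted(st["authentication-rule"].items(), key=lambda kv: int(kv[0])):
        iface = rule["source-interface"][0]
        if iface not in allowed:
            raise ValueError(f"rule {rule_id}: {iface} is not in the global source-interface list")
        if iface in result:
            continue  # an earlier rule already claimed this interface (first match wins)
        pool = addr[portals[rule["portal"][0]]["ip-pools"][0]]
        result[iface] = tuple(ipaddress.IPv4Address(pool[k][0]) for k in ("start-ip", "end-ip"))
    return result

def overlapping(pools):
    """Interface pairs whose pools overlap: the same user could get the same address via either ISP."""
    items = list(pools.items())
    return [(a, b) for i, (a, (s1, e1)) in enumerate(items)
            for b, (s2, e2) in items[i + 1:] if s1 <= e2 and s2 <= e1]
```

Run `pool_map(parse_fortios(SAMPLE_CONFIG))` against a real `show full-configuration` dump to check that every ISP interface resolves to a distinct, non-overlapping pool before relying on pool-based firewall policies.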
