vvarangoulis
Staff
Article Id 262278
Description This article describes how to create a policy for SSL VPN without checking the source user group of the authenticated SSL VPN groups/users. Check the warning note below.
Scope FortiGate, SSL VPN, testing purposes.
Solution

This action can be performed only from the CLI.

In the serial console, SSH, or GUI CLI session, enter the following commands:


config firewall policy
    edit <SSL VPN policy ID number>
        unset group
end

Warning: In the GUI, an SSL VPN policy cannot be created unless a user or a user group is assigned in the source field. If a policy has already been created without a user or a user group, the GUI will still ask for one.

This behavior is intentional. Configuring an SSL VPN policy without a user or user group is not recommended: SSL VPN policies should always specify the required users or user groups, which provides more security for the traffic/connections. The above command should be used only for testing purposes and in some very rare cases.
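To find test policies that were left without a user or group, a configuration backup can be checked offline. The script below is an added example, not part of the original article or Fortinet tooling; it assumes the default SSL VPN interface name `ssl.root` and the usual `edit` / `set` / `next` backup layout, and the sample configuration is constructed.

```python
import shlex

# Constructed sample of a FortiGate config backup (not from the article).
SAMPLE_CONFIG = """\
config firewall policy
    edit 10
        set srcintf "ssl.root"
        set dstintf "port2"
        set action accept
        set groups "vpn-users"
    next
    edit 11
        set srcintf "ssl.root"
        set dstintf "port2"
        set action accept
    next
    edit 12
        set srcintf "port2"
        set dstintf "port1"
        set action accept
    next
end
"""

def sslvpn_policies_without_identity(config_text, sslvpn_intf="ssl.root"):
    """Return IDs of policies sourced from the SSL VPN interface (assumed
    name: ssl.root) that have neither 'set groups' nor 'set users'."""
    findings, in_table, policy_id, fields = [], False, None, {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config firewall policy":
            in_table = True
        elif not in_table:
            continue
        elif line.startswith("edit "):
            policy_id, fields = line.split(None, 1)[1], {}
        elif line.startswith("set ") and policy_id is not None:
            _, key, *rest = line.split(None, 2)
            fields[key] = rest[0] if rest else ""
        elif line == "next" and policy_id is not None:
            srcintfs = shlex.split(fields.get("srcintf", ""))
            has_identity = fields.get("groups") or fields.get("users")
            if sslvpn_intf in srcintfs and not has_identity:
                findings.append(policy_id)
            policy_id = None
        elif line == "end":
            in_table = False
    return findings
```

Any policy ID returned should either have its user groups restored or be removed once testing is finished.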