FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
yangw
Staff
Staff
Description This article describes that SSL-VPN web mode would not assign IP address for the web login account.
Scope FortiOS 6.0 and FortiOS 6.2.
Solution

By design, SSLVPN web mode would not assign IPaddress for the web login account due to web mode process traffic flow (RDP connection, etc.) by proxy-based.

Web Mode monitor:


# get vpn ssl monitor <----- To check the SSL-VPN login user with IP address.


SSL-VPN Login Users:


Index User Auth Type Timeout From HTTP in/out HTTPS in/out


0 twtac 1(1) 225 10.1.218.5 0/0 300367/17426954 <----- Only the source IP address from the client end is visible.


SSL-VPN sessions:


Index User Source IP Duration I/O Bytes Tunnel/Dest IP
<empty>

 

Log information in GUI:

 

SSLVPNwebmodeLog.PNG

Tunnel Mode monitor:


# get vpn ssl monitor
SSL VPN Login Users:
Index User Auth Type Timeout From HTTP in/out HTTPS in/out
0 twtac 1(1) 295 10.1.218.254 0/0 0/0


SSL-VPN sessions:


Index User Source IP Duration I/O Bytes Tunnel/Dest IP
0 twtac 10.1.218.254 62 253916/234198 10.212.134.200 <----- assigned ip address to tunnel mode user.

 

Log information in GUI:

 

SSLVPNtunnelmodeLog.PNG
Contributors