Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
yangw
Staff
Staff

Created on ‎06-05-2022 11:26 PM

Article Id 213846

Technical Tip: SSL-VPN web mode is not assigning IP address for the web login account

Description This article describes that SSL-VPN web mode would not assign IP address for the web login account.
Scope FortiOS 6.0 and FortiOS 6.2.
Solution

By design, SSLVPN web mode would not assign IPaddress for the web login account due to web mode process traffic flow (RDP connection, etc.) by proxy-based.

Web Mode monitor:


# get vpn ssl monitor <----- To check the SSL-VPN login user with IP address.


SSL-VPN Login Users:


Index User Auth Type Timeout From HTTP in/out HTTPS in/out


0 twtac 1(1) 225 10.1.218.5 0/0 300367/17426954 <----- Only the source IP address from the client end is visible.


SSL-VPN sessions:


Index User Source IP Duration I/O Bytes Tunnel/Dest IP
<empty>

 

Log information in GUI:

 

SSLVPNwebmodeLog.PNG

Tunnel Mode monitor:


# get vpn ssl monitor
SSL VPN Login Users:
Index User Auth Type Timeout From HTTP in/out HTTPS in/out
0 twtac 1(1) 295 10.1.218.254 0/0 0/0


SSL-VPN sessions:


Index User Source IP Duration I/O Bytes Tunnel/Dest IP
0 twtac 10.1.218.254 62 253916/234198 10.212.134.200 <----- assigned ip address to tunnel mode user.

 

Log information in GUI:

 

SSLVPNtunnelmodeLog.PNG
858
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.