FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes the process of setting up an authentication rule for SSL VPN that is restricted to the specific interface.
Scope
FortiGate.
Solution
Below is an explanation of the configuration:
config vpn ssl settings
config authentication-rule
edit 1
set source-interface "port2"
set source-address "all"
set groups "Tunnel"
set portal "full-access"
next
end
end
config authentication-rule: Begins the configuration of an authentication rule for SSL VPN.
edit 1: This indicates that you are editing or creating the first authentication rule.
set source-interface "port2": This restricts the SSL VPN access to only the port2 interface. Users must connect through this interface to authenticate.
set source-address "all": This means that any IP address is allowed to authenticate through the specified interface.
set groups "Tunnel": Only users who are members of the "Tunnel" user group are allowed to authenticate.
set portal "full-access": Once authenticated, users are directed to the "full-access" portal, which generally provides full network access.
next: Moves to the next rule or configuration item.
end: Ends the configuration of the authentication rule.
Impact of the configuration:
Restricting to port2: By setting the source-interface to port2, users can only access the SSL VPN by connecting through this interface. Any connections attempted through other interfaces will not be authenticated by this rule.
User Group Restriction: Only users in the 'Tunnel' group can access the VPN through port2.
