Fortinet Forum
dominikw

SSLVPN 5.2 web portal - restrict access to one of few portals only for one public IP

Hi!

Since the 5.2 firmware there have been a lot of changes in SSLVPN (i.e. the lack of WAN --> ssl.root policies for web-portal).

I use SSLVPN very seldom - but now one of my customers has upgraded from 5.0 to 5.2.

There are 2 tunnel (sslvpn) configurations and 5 web-portal configurations (for some partners).

In one particular web-portal we want to restrict access to a few (or even one) public IPs but it doesn't work.

I've built a policy:

         Incoming interface - ssl.root
         src addr - only_public_IP
         src users - partnerX_group_users
         Outgoing interface - lan
         dst addr - Internal_Server_X
         schedule - always
         service - any
         action - accept

Everything works OK but I can log in as partnerX and access Internal_Server_X from any public IP!!!!

Since there is no wan-to-ssl.root policy I understand that I can log in to the portal - but IMHO I shouldn't be able to access Internal_Server_X. This is some kind of security issue.

Is it possible to restrict it?

Dominik Weglarz, IT System Engineer
