Fortigate 100E
How can I allow access to SSL VPN for one specified user from one specified IP address only? What is the best practice for that?
Thanks!
Do you mean allow a user from a specific IP inside your network to connect to an external VPN server?
Orestis Nikolaidis
Network Engineer/IT Administrator
In any case this is not relevant to web filtering.
In case you want to allow a user from internal network to access a vpn gateway:
Define a static ip for the specific user's pc.
Create a rule from your internal network to internet with source the user's ip and destination the vpn gateway ip, use vpn port at the service tab and allow this traffic with NAT.
Place this rule above your global rule for accessing the internet
In case you want a remote user to access your infrastructure:
Create a local firewall user which will be used at your VPN settings.
Create a rule with:
From: sslvpn virtual interface
To: any internal or external interface
Source: your IP range from VPN settings AND your locally created user
Destination: all or any specific ip you want the user to have access to
Enable NAT.
Orestis Nikolaidis
Network Engineer/IT Administrator
I want a remote user to be able to connect to the SSL VPN from a specified IP address only; if the connection is not from this IP, drop it. What kind of firewall rule is suitable for that?
If you meant to limit the client IP where SSL VPN is coming from, you can use "set source-address <address_or_addrgrp_object>" under "config vpn ssl settings".
Orestis Nikolaidis
Network Engineer/IT Administrator
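The setting named in the reply above, written out as an added example (not part of the original posts). The address object name `sslvpn-allowed-src` and the IP 203.0.113.10 are constructed placeholders; the restriction applies to the SSL VPN as a whole, not to one user.

```fortios
# Constructed address object: the only public IP allowed to reach the SSL VPN.
# "sslvpn-allowed-src" and 203.0.113.10 are placeholders, not values from the thread.
config firewall address
    edit "sslvpn-allowed-src"
        set subnet 203.0.113.10 255.255.255.255
    next
end

# Limit where SSL VPN clients may connect from.
# This is a global SSL VPN setting: every user is held to this source list.
config vpn ssl settings
    set source-address "sslvpn-allowed-src"
end

# Confirm the setting took effect.
show vpn ssl settings
```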
It will restrict access for all users on this VPN portal, right? I want to restrict access for one user only.
Yes, I have the same task now. For most users (based on user group) I allow access from anywhere, but for some users I want to allow access only from specified public IPs.
What is the correct way to set such a policy?
AlexHelloworld wrote: It will restrict access for all users on this VPN portal right? I want to restrict access for one user only.
Have you found the way to do it?
I don't believe there is a way. You can restrict the access in general, but you can't allow certain groups from everywhere and some from only specific IPs.
If you really want to, you could consider two devices where you restrict access in general on the specific one.