Ask - How to create multiple access

kssupport · ‎02-10-2016

hi there,

I need to create several access type for vpn ssl.

here the simulation.

what I have?

- 1 internet connection with 1 public IP

- 2 group vpn (gr1 and gr2)

- 1 object vpn ssl address

- 1 subnet LAN 192.168.1.x /24

- device FG-40D

- users have been designed to their own groups

what is the case?

I want to make:

gr1, can connect vpn, but limited only can access 192.168.1.1 and 192.168.1.2

gr2, can connect vpn, can access all IP in LAN subnet.

what is the problem?

gr2 has been successful. but gr1 still can connect any address in that subnet, not limited only to 2 address.

need help.

thanks.

neonbit · ‎02-10-2016

I'm assuming you're looking at configuring tunnel mode here. Below are some core things I would configure:

1. Create a separate SSL-portal for each group with the IP/subnet they should reach. 2. Match each group to the correct ssl-portal in the SSL settings: 3. Configure two policies restricting each group to the IP/subnet they should be able to reach:

(img: http://pasteboard.co/1sAAHjSW.png) If it's still not working then I would suggest looking at the user and groups. Ensure that user1 is only in group1 and not group2.

kssupport · ‎02-10-2016

Hi,

thank you for your reply.

I think fg-40D can have only one of vpn ssl portal. am I correct?

thanks.

kssupport · ‎02-11-2016

Hi,

anyway, anyone can give reference or tutorial to set vpn ssl using vpn client, with 2 different access:

gr1 --> only can connect/communicate to certain host in LAN

gr2 --> can connect to all hosts in LAN.

thanks in advance

neonbit · ‎02-16-2016

Your correct, I just checked and the FG40C can only support 1 SSL VPN portal. Sorry I did the tests on a FG60C which supports upto 10 portals.

Ask - How to create multiple access

Nominate a Forum Post for Knowledge Article Creation