Auto add users to a vpn group - Fortinet Community

Support Forum

The Forums are a place to find answers on a range of Fortinet products from peers and product experts.

Hi all,

I have to VPN groups that have different DNS servers when connected. Is there a way to configure the firewall so that the users are automatically put into VPN group 1 then if I need to I can just change it to VPN group 2. The reason for this is almost all users are VPN group 1 and unless they are added to a VPN group they can not connect to the VPN.

Or is there another setting that I need/am able to configure to allow users not in a VPN group to connect?

2530

2 REPLIES 2

If you want groups associate them to ldap group and use that in your vpn cfg

config user group

edit "SSO_Guest_Users"

next

edit "GROUPO01"

set member "LDAPSRV01"

config match

edit 1

set server-name "LDAPSRV01"

set group-name "CN=Vpnuser1,CN=Users,DC=1plus1eq2,DC=com"

next

end

next

edit "GROUPO02"

set member "LDAPSRV01"

config match

edit 1

set server-name "LDAPSRV01"

set group-name "CN=Vpnuser2,CN=Users,DC=1plus1eq2,DC=com"

next

end

next

And so on, you call each group up and define what he/she needs and just move the user into that group. You can probably nest groups, but I have no experience in that area.

Ken

PCNSE

NSE

StrongSwan

PCNSE NSE StrongSwan

1449

Thank you but I am not looking for ldap groups these are VPN groups we are not currently running LDAP but will be in the near future.

1449

Top Kudoed Authors

User

Count

2166

1193

770

451

350

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Copyright 2025 Fortinet, Inc. All Rights Reserved.