Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
freber
New Contributor II

Block internal IP from VPN

Hi all!

 

We have a working SSL VPN that lets outside users access our internal LAN. But I want to restrict access to specific local addresse. Ie I dont want any VPN users to access 192.168.0.20.

How do I block a specific local IP?

1 Solution
Toshi_Esumi
SuperUser
SuperUser

You must have a ssl.root->[internal_interface] policy allowing all. Just put another policy blocking the host .20 right above the existing policy.

View solution in original post

3 REPLIES 3
Toshi_Esumi
SuperUser
SuperUser

You must have a ssl.root->[internal_interface] policy allowing all. Just put another policy blocking the host .20 right above the existing policy.

Yurisk

That's the beauty of Interface/Route-based VPNs - you treat your VPN users as located somewhere on the Internet and connected to your LANs via ssl.root interface, as the consequence, you allow/block this traffic in security policy  as you do with any traffic passing the firewall from interface to interface.

 

Yuri https://yurisk.info/  blog: All things Fortinet, no ads.
Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
freber
New Contributor II

I have a deny policy now which has destination .20 and when its not in effect the users can reach everything and when it is applied they cant connect at all.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors