Can't set up a VPN user.
Hi,
I've inherited a client that has a FortiGate 61E firewall and have to set up a VPN user. I've been trying to follow the below document but get a little lost by the time it gets to the IPv4 Policy.
https://blog.vpntracker.com/how-to-configure-vpn-for-a-fortinet-fortigate-firewall/
The really weird thing is, they have one VPN user already set up who can successfully dial in to the LAN using FortiClient from his home computer. I can find no trace of a VPN, a user or any settings related to a configuration that allows this user to VPN through it.
Any help appreciated.
There are two types of VPNs you can use, IPsec and SSL based. SSL VPNs are the preferred option and the easiest to set up, and they also adapt better to network limitations (internet).
If you have found a solution, please like and accept it to make it easily accessible for others.
I looked at all these settings before, but after your post, I had a closer look and suddenly understood how it all worked.
Cheers.
Dear @RobNS
To double-check and verify, please follow the steps below:
- Log into the FortiGate GUI.
- Select the Dashboard.
- Navigate to Network and then select SSL VPN.
- The username of the connected user will appear. Right-click on the user and select 'View Connection Details'.
- Under Source interface, you can see the port through which the SSL VPN user is connected.
This method lets you identify which user is currently connected to the FortiGate VPN.
Hi @RobNS ,
Assuming you have already created a local user following the guide you have shared, it will be much better if you can assign that user to a user group. The reason for this is that when you have new SSL-VPN users to add, you simply need to assign them to the SSL-VPN user group, with no additional configuration to do.
After that, navigate to SSL-VPN Settings -> Authentication/Portal Mapping and set the user group with the portal you would like to assign for them. Do not forget to click 'Apply' to commit the changes.
Lastly, you'll need to add the new user/user group to the firewall policy so that they can access internal resources. You can just use the search bar and find "ssl.root", which is the SSL-VPN tunnel interface. It is important to note that under the source address, you need to put both the IP address and the User/User Group in order for it to work.
Ref : https://docs.fortinet.com/document/fortigate/7.2.8/administration-guide/307303/ssl-vpn-split-tunnel-...
Regards,
Pau
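
Added example (not part of the thread or of Fortinet's documentation): a short Python audit that reads a FortiGate configuration backup, lists every firewall policy whose source interface is "ssl.root", and flags any that lack the source address or the user/user group the reply above says must both be present. The sample configuration, its policy IDs and its object names are constructed for illustration.

```python
import re
import shlex

# Constructed sample in FortiOS backup syntax; IDs and object names are assumptions.
SAMPLE_CONFIG = '''
config firewall policy
    edit 1
        set srcintf "internal"
    next
    edit 7
        set name "SSLVPN-to-LAN"
        set srcintf "ssl.root"
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set groups "SSLVPN_Users"
    next
    edit 8
        set name "SSLVPN-no-group"
        set srcintf "ssl.root"
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
    next
end
'''

def parse_policies(text):
    """Return {policy_id: {setting: [values]}} for 'config firewall policy'."""
    # The top-level 'end' is unindented in a backup, so '^end$' closes the block.
    block = re.search(r"^config firewall policy$(.*?)^end$", text, re.S | re.M)
    entries = re.findall(r"^\s*edit (\d+)$(.*?)^\s*next$",
                         block.group(1) if block else "", re.S | re.M)
    policies = {}
    for pid, body in entries:
        sets = re.findall(r"^\s*set (\S+) (.*)$", body, re.M)
        # shlex handles the quoted, space-separated value lists FortiOS emits.
        policies[pid] = {key: shlex.split(val) for key, val in sets}
    return policies

def audit_sslvpn(text, tunnel_if="ssl.root"):
    """Return (id, name, missing) for each policy sourced from the SSL-VPN interface."""
    report = []
    for pid, pol in parse_policies(text).items():
        if tunnel_if in pol.get("srcintf", []):
            missing = [] if pol.get("srcaddr") else ["srcaddr"]
            if not (pol.get("groups") or pol.get("users")):
                missing.append("users/groups")
            report.append((pid, pol.get("name", [""])[0], missing))
    return report

if __name__ == "__main__":
    for pid, name, missing in audit_sslvpn(SAMPLE_CONFIG):
        print(pid, name, "OK" if not missing else "missing: " + ", ".join(missing))
```

Run against a real backup by passing the file's text to `audit_sslvpn`; an empty result means no policy uses the SSL-VPN tunnel interface, which points at IPsec or another device terminating the existing user's VPN.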
