Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
RobNS
New Contributor

Created on ‎06-09-2024 05:07 AM

Can't setup a VPN user.

Hi,

 

I've inherited a client that has a Fortigate 61E firewall and have to set up a VPN user. I've been trying to follow the below document but get a little lost by the time it gets to the IPv4 Policy.
https://blog.vpntracker.com/how-to-configure-vpn-for-a-fortinet-fortigate-firewall/

 

The really weird thing is, they have one VPN user already setup who can successfully dial in to the LAN using Forticlient from his home computer.. I can find no trace of a VPN, a user or any settings related to a configuration that allows this user to VPN through it.

 

Any help appreciated.

Labels:
2092
0 Kudos
1 Solution
ebilcari
Staff
Staff

Created on ‎06-09-2024 05:56 AM

There are two types of VPNs you can use, IPsec and SSL based. SSL VPNs are the preferred and easiest to set up, also are better to adapt to the network limitations (internet).

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.

View solution in original post

2077
5 REPLIES 5
ebilcari
Staff
Staff

Created on ‎06-09-2024 05:56 AM

There are two types of VPNs you can use, IPsec and SSL based. SSL VPNs are the preferred and easiest to set up, also are better to adapt to the network limitations (internet).

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
2078
RobNS
New Contributor
In response to ebilcari

Created on ‎06-09-2024 10:58 PM

I looked at all these settings before, but after your post, I had a closer look and suddenly understood how it all worked.

Cheers.

1960
grodthin
New Contributor

Created on ‎06-09-2024 08:21 AM Edited on ‎06-10-2024 12:47 AM By Community Manager

It's those two checkboxes, I've run across this thousands of times. Also, WSUS resets these every. single time and it's maddening, but this is why I'm primarily a *nix admin/engineer with Windows as an ongoing side project I hate for a lot of reasons.... like this one.

omegle xender
omegle xender
2045
0 Kudos
raureada
Staff
Staff

Created on ‎06-09-2024 08:29 AM

Dear @RobNS

 

To double check and verify please follow the below steps:

  • Log into the FortiGate GUI.
  • Select the Dashboard.
  • Navigate to Network and then select SSL VPN.
  • The username of the connected user will appear. Right-click on the user and select 'View Connection Details'.
  • Under Source interface, you can see the port through which the SSL VPN user is connected.

This method lets you identify which user is currently connected to the FortiGate VPN.

2039
pdelapena
Staff
Staff

Created on ‎06-09-2024 04:51 PM

Hi @RobNS ,

Assuming you have already created a local user following the guide you have shared, it will be much better if you can assign that user to a user group. The reason for this is that when you have new SSL-VPN users to add in, you simply just need to assign them to the SSL-VPN user group and no more additional configuration to do.

After that, Navigate to SSL-VPN Settings -> Authentication/Portal Mapping and set the user group with the portal you would like to assign for them. Do not forget to click 'Apply' to commit the changes.

 

img1.JPG

 

Lastly, you'll need to add the new user/user group to the firewall policy so that they can access internal resources. You can just use the search bar and find "ssl.root" which is the SSL-VPN tunnel interface. It is important to take note that under the source address, you need to put up both the IP address and the User/User Group in order for it to work.

img2.jpg

 

Ref : https://docs.fortinet.com/document/fortigate/7.2.8/administration-guide/307303/ssl-vpn-split-tunnel-...

Regards,

Best regards,
Pau
1986
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.