Hi All,
I've noticed a difference between FortiManager and FortiGate that I want to understand, and I'm hoping someone can help.
We have a group of FortiGates (v7.4.5 build2702) that were recently added to a FortiManager (v7.4.5 build2553). If I log into one of the FortiGates, I can see that we have an SSL-VPN setup that limits access to specific hosts and then has two groups of hosts - but the negate switch is turned on, which means anyone can try to connect EXCEPT someone in one of those groups:
When I look at the same config in the FortiManager, there is no negate switch, meaning only those groups can try to connect - the opposite of what we want:
My concern is that if I push the config from the FortiManager, it will not push the negate switch, and I'll lose access to the firewall as I'm coming through the SSL-VPN.
If you're building a VPN from scratch, how do you configure the negate switch in FortiManager?
Thanks
Hi,
In VPN Manager where you see those settings, you have at the bottom Advanced Options.
There you should have the source-address-negate enabled.
You win - I'd been through several times but must have missed it each time. I wonder why there is a big difference between the FortiGate GUI and the FortiManager? I'd expect some standardisation.
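An added example, not from the thread or from Fortinet: a pre-install check that compares the top-level `source-address-negate` value in `config vpn ssl settings` between a device's running config and the text FortiManager would install. The config excerpts are constructed, the function names are hypothetical, and it assumes the CLI omits the negate line when it is left at `disable`.

```python
import shlex

def ssl_vpn_source_policy(config_text):
    """Return (addresses, negate) from the top level of 'config vpn ssl settings'."""
    addrs, negate, in_block, depth = [], False, False, 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if not in_block:
            in_block = line == "config vpn ssl settings"
        elif line.startswith("config "):
            depth += 1  # nested table (e.g. authentication-rule): not portal-wide
        elif line == "end":
            if depth == 0:
                break
            depth -= 1
        elif depth == 0 and line.startswith("set "):
            tokens = shlex.split(line)
            if tokens[1:2] == ["source-address"]:
                addrs = tokens[2:]
            elif tokens[1:2] == ["source-address-negate"]:
                negate = tokens[2:3] == ["enable"]
    return addrs, negate

def negate_drift(device_cfg, manager_cfg):
    """List differences that would change who may reach the SSL-VPN."""
    dev_addrs, dev_neg = ssl_vpn_source_policy(device_cfg)
    mgr_addrs, mgr_neg = ssl_vpn_source_policy(manager_cfg)
    findings = []
    if dev_neg != mgr_neg:
        findings.append(f"source-address-negate: device={dev_neg} manager={mgr_neg}")
    if sorted(dev_addrs) != sorted(mgr_addrs):
        findings.append(f"source-address: device={dev_addrs} manager={mgr_addrs}")
    return findings

# Constructed running-config excerpt (group names are placeholders).
DEVICE_CFG = '''config vpn ssl settings
    set source-address "Blocked-Group-A" "Blocked-Group-B"
    set source-address-negate enable
    config authentication-rule
        edit 1
            set source-address "Staff-Net"
            set source-address-negate disable
        next
    end
end
'''
# Constructed install preview: identical except the top-level negate line is missing.
MANAGER_CFG = DEVICE_CFG.replace("    set source-address-negate enable\n", "", 1)

if __name__ == "__main__":
    print(negate_drift(DEVICE_CFG, MANAGER_CFG) or "no drift")
```

A non-empty result means the install would flip the source restriction from "everyone except these groups" to "only these groups", which is the lockout the original poster was worried about.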