Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
JollyJohn
New Contributor II

Created on ‎11-13-2024 09:42 PM

Configuration on FortiGate verses FortiManager

Hi All,

     I've noticed a difference between FortiManager and FortiGate that I want to understand, and I'm hoping someone can help.

We have a group of FortiGates (v7.4.5 build2702) that were recently added to a FortiManager (v7.4.5 build2553). If I log into one of the FortiGates, I can see that we have an SSL-VPN setup that limits access to specific hosts and then has two groups of hosts - but the negate switch is turned on, which means anyone can try to connect EXCEPT someone in one of those groups:

JollyJohn_0-1731562608966.png

 

 

When I look at the same config in the FortiManager, there is no negate switch, meaning only those groups can try to connect - the opposite of what we want:

JollyJohn_1-1731562608712.png

 

 

My concern is that if I push the config from the FortiManager, it will not push the negate switch, and I'll lose access to the firewall as I'm coming through the SSL-VPN.

If you're building a VPN from scratch, how do you configure the negate switch in FortiManager?

 

Thanks

Labels:
189
0 Kudos
1 Solution
funkylicious
SuperUser
SuperUser

Created on ‎11-13-2024 09:56 PM

Hi,

In VPN Manager where you see those settings, you have at the bottom Advanced Options.

There you should have the source-address-negate enabled.

"jack of all trades, master of none"

View solution in original post

"jack of all trades, master of none"
174
2 REPLIES 2
funkylicious
SuperUser
SuperUser

Created on ‎11-13-2024 09:56 PM

Hi,

In VPN Manager where you see those settings, you have at the bottom Advanced Options.

There you should have the source-address-negate enabled.

"jack of all trades, master of none"
"jack of all trades, master of none"
175
JollyJohn
New Contributor II
In response to funkylicious

Created on ‎11-13-2024 09:59 PM

You win - I'd been through several times but must have missed it each time. I wonder why there is a big difference between the FortiGate GUI and the FortiManager?  I'd expect some standardisation.

167
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.