Hi there,
We want to control which SSLVPN portal a user is allocated based on their Active Directory group membership. This allows us to customise the Bookmarks and Applications etc for different user groups.
We have it 'sort of working' by specifying multiple user-groups in the security policies (outside->ssl.root and ssl.root->Inside) for the VPN and multiple user-groups in the SSLVPN settings which are then assigned different 'realms' and portals to these user-groups.
At the moment the user-group they authenticate against in the security policies must match a user-group/portal mapping in the SSLVPN settings.
It also means that each user group has to have a different URL for the VPN portal landing page and as a university we have over 200 unique user groups. This means we would need something like this:-
https://blahblahblah/firstyearartstudents
https://blahblahblah/firstyearjournalismstudents
.
.
.
https://blahblahblah/thirdyeargamingdesignstudents
.
.
etc - You get the picture - A mess!
With each portal needing customised bookmarks/links for their individual course content etc.
Much nicer to have just https://blahblahblah and let the system decide the portal to use based on the user's memberOf attributes - This has been a feature of Cisco WEBVPN for years (using group/attribute matching) and have used it very successfully for years so why can't Fortinet come up with a similar functionality instead of the present rather inelegant and cludgey system.
Ultimately we would want to have a single authentication group that contains a single LDAP server that does global catalogue lookups on multiple group CN's in multiple forests so that the user's credentials are matched to members of specific groups.
We would then want to have a single SSL VPN landing page that maps to a portal based on the user's memberOf attribute.
Any help/advice would be appreciated we are running 5.2.7 and can upgrade if needed.
Andrew
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.