Different SSL VPN portals based solely on LDAP group membership

We want to control which SSLVPN portal a user is allocated based on their Active Directory group membership. This allows us to customise the Bookmarks and Applications etc for different user groups.


We have it 'sort of working' by specifying multiple user-groups in the security policies (outside->ssl.root and ssl.root->Inside) for the VPN and multiple user-groups in the SSLVPN settings which are then assigned different 'realms' and portals to these user-groups.


At the moment the user-group they authenticate against in the security policies must match a user-group/portal mapping in the SSLVPN settings.


It also means that each user group has to have a different URL for the VPN portal landing page, and as a university we have over 200 unique user groups. This means we would need something like this:










etc. You get the picture: a mess!


With each portal needing customised bookmarks/links for their individual course content etc.


Much nicer to have just https://blahblahblah and let the system decide the portal to use based on the user's memberOf attributes. This has been a feature of Cisco WEBVPN for years (using group/attribute matching) and we have used it very successfully for years, so why can't Fortinet come up with similar functionality instead of the present rather inelegant and kludgey system?


Ultimately we would want to have a single authentication group that contains a single LDAP server that does global catalogue lookups on multiple group CNs in multiple forests, so that the user's credentials are matched to members of specific groups.


We would then want to have a single SSL VPN landing page that maps to a portal based on the user's memberOf attribute.


Any help/advice would be appreciated; we are running 5.2.7 and can upgrade if needed.
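As an added illustration, not taken from the original post or from Fortinet documentation, here is a FortiOS CLI sketch of the direction described above: one LDAP server object pointed at a global catalog, user groups whose membership is decided by an LDAP group DN rather than by a separate realm, and SSL VPN authentication rules that map each group to its own portal behind a single landing page. All server names, DNs, group and portal names are assumptions, and whether every option is available on 5.2.7 is not confirmed by the post.

```fortios
# All names, DNs and the group-to-portal mapping below are assumed examples.
# The two portals ("students-portal", "staff-portal") are assumed to already
# exist under "config vpn ssl web portal" with their own bookmarks.
config user ldap
    edit "ad-gc"
        set server "gc.example.edu"
        set secure ldaps
        set port 3269                  # global catalog over LDAPS, so one bind covers the forest
        set cnid "sAMAccountName"
        set dn "DC=example,DC=edu"
        set type regular
        set username "CN=svc-vpn,OU=Service,DC=example,DC=edu"
        set password <placeholder-not-a-real-secret>
    next
end

# Each FortiGate group is tied to one AD group DN: a user lands in it only
# when the LDAP lookup shows that DN in their membership.
config user group
    edit "vpn-students"
        set member "ad-gc"
        config match
            edit 1
                set server-name "ad-gc"
                set group-name "CN=VPN-Students,OU=Groups,DC=example,DC=edu"
            next
        end
    next
    edit "vpn-staff"
        set member "ad-gc"
        config match
            edit 1
                set server-name "ad-gc"
                set group-name "CN=VPN-Staff,OU=Groups,DC=example,DC=edu"
            next
        end
    next
end

# One SSL VPN service, no per-group realm: the authentication rule that
# matches the user's group selects the portal they see after login.
config vpn ssl settings
    config authentication-rule
        edit 1
            set groups "vpn-students"
            set portal "students-portal"
        next
        edit 2
            set groups "vpn-staff"
            set portal "staff-portal"
        next
    end
end
```

The firewall policies from outside to ssl.root would then reference the same "vpn-students" and "vpn-staff" groups, so the group matched by the LDAP DN is the one both the portal selection and the policy see.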