Hello All! We have configured an SSL-VPN on a FortiGate 60F. The firmware version is 7.2.5. This box is behind the Company's firewall, so the public IP address is "NATed" to the internal IP of the WAN interface.
The tunnel is established and seems to work fine. The problem is that the internal IP address (that of the WAN interface) appears in the FortiClient app as the remote address of the tunnel. This is a security risk, so we need to hide this IP. Does anyone have an idea on how to do this? Thank you!
I don't think it's hidable. Why do you think it's a security risk? A 10.10.x.x IP is not reachable from the internet, just like 192.168.1.99. And, if the users are savvy enough, they can easily see that IP once they get into an internal device, with traceroute or other methods, anyway.
Hello @Toshi_Esumi! Any private information exposed to the public is a security risk at some level. In this case, the IP is a valid address for an internal firewall. Even if users could use some tools to get this information, that doesn't justify giving it away for free.
We have other equipment (non-Fortinet) providing the same type of VPN access and effectively hiding the internal IP addresses. This, in fact, should be the default behavior. Thank you.