Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
raffas
New Contributor

Created on ‎12-02-2024 02:47 AM

How to prevent SSL-VPN port from using all configured IP addresses

WAN1 port has got 5 different IPs from the same block. I noticed SSL-VPN is active all of those IPs, but I wish for it to only reply to the main address.

Are you forced to write a specific firewall policy, or is there a way to only bind SSL-VPN service to a single, specific IP address?

https://omegle.onl/ vshare
https://omegle.onl/ vshare
Labels:
225
0 Kudos
2 REPLIES 2
sjoshi
Staff
Staff

Created on ‎12-02-2024 04:35 AM

Hi,

 

Is the public IP directly  configured on the FGT interface or is there any upstream device

Let us know if this helps.
Salon Raj Joshi
199
dingjerry_FTNT
Staff
Staff

Created on ‎12-02-2024 07:07 AM

Hi @raffas ,

 

1) Create one loopback interface with one non-used IP and bind SSL VPN to this interface instead of WAN1;

2) Create one VIP with the Public IP that you need for SSL VPN and map to this loopback IP.  It's better to turn on port forwarding with the SSL VPN port number, i.e.:  10443

3) Create a firewall policy with VIP applied from WAN1 to this loopback Interface.

 

The rest are the regular SSL VPN configurations.

 

Regards,

Jerry
188
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.