Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jimeshmakwana
New Contributor

In dial up IPsec vpn, we do not support user in firewall policy, only support IP address

Hi,

we are using fortigate vpn client to access our servers.

 

Our requirement is below

If

VPN User = xxx.vpn

MAC add = xx:b

Time = 06:00 Am to 06:00 PM

 

Then allow below Servers.

Mail_SRV=xx

chat=xxx

I created dial up ipsecvpn & policy vpn to lan

but in policy when i add user then it's not work else it's working

TAC Engineer answer is - In dial up IPsec vpn, we do not support user in firewall policy, only support IP address

 

Jimesh

1 REPLY 1
sw2090
SuperUser
SuperUser

hm

 

Date and Time validity can be achieved by using some schedule in the policy. That would deaktivate the policy if not in schedule. So it will only match traffic within schedule.

 

I think yo could set a user as source for a poliy even with vpn but it will only prompt the user for creds and this will also only work for http and https. It wil not work if you want to do IMAP/POP3 or bascially anything not http(s).

I don't think you can set source to a mac address.

 

You could however use device detection and then set the deivce into the policy to limit it to that device or debice group.

 

Or you could use dhcp over ipsec with client specific reservations and then nail it to the ip address.

 

hth

Sebastian

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors