Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ronnie_jorgensen
New Contributor

Is user based policies on users from SSL VPN possible???

Hi all, I need to allow 3 people access from SSL VPN to a few servers in the DMZ. Is user based policies possible and if so, what do I need in order to make that work? We do have RADIUS authentication against Active Directory set up for SSL VPN. We also have a SSL_VPN_USERS user group which has group type firewall and has the RADIUS server as member. I figured a user based policy might be better than a IP/Computer based one in case we change device.

3 REPLIES 3
sw2090
Honored Contributor

hm since the FGT doesn't know your users I don't think you can do user based. But you might be able to use radius groups in policies.

If anyone knows better please don't hesitate to correct me though ;)

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
adambomb1219
Contributor III

Yes this should work since you are performing active authentication with SSL VPN.

smayank
Staff
Staff

Yes you can achieve the same by configuring user in source address and configure destination as your DMZ server. once user logged in to SSL VPN user will be mapped to ip and if packet comes firewall will be able to take action on basis of user policy

Top Kudoed Authors