We have a stock "full-access" portal we use that enables split tunneling. We have a single user that has an application on her laptop that must appear to come from within our network in order to work. All I am trying to do is create another portal, just for her, that disables split tunneling.
Portal is created... no problem.
I create a new SSL VPN firewall policy specifying the user and info, and an authentication rule specifying the SSL portal to use, and I am unable to save it without an error about range not valid...
Is this the correct procedure to do this? I'm following the cookbook for 5.0.7 and I thought it was pretty straightforward but I guess not. All I want is a second portal for a single user that doesn't use split tunneling.
I don't remember exactly what the 5.0 SSL VPN config looked like, since they changed quite a bit w/ 5.2, which we're currently running. Based on the error message you described, it looks like it doesn't like that another portal, referred to by another policy with a different set of users, is sharing the same IP pool with the original one. Try assigning a different pool without overlapping.
Doh! That was it...what a bonehead I am sometimes. I had the incoming interface as ssl.root and local interface as Wan1 (gee..that makes perfect sense...NOT) but it should have been Wan1 for incoming and LAN as local.