Support Forum
jgo
New Contributor II

Prevent SSL VPN connection from inside network

One of my customers is complaining they are able to connect to SSL VPN (SAML) from inside their network. Not sure why they're trying to do so, but is there an easy way to block this from happening? I've tried running negate from the SSL VPN settings for RFC 1918 addresses, but that did not work.


config vpn ssl settings
    set source-address-negate enable
    set source-address "RFC1918"
end


Thanks in advance for any input

1 Solution
abarushka
Staff

Hello,


You may consider using a local-in policy. Please find more details by following the link below:

https://docs.fortinet.com/document/fortigate/6.2.12/cookbook/363127/local-in-policies

FortiGate


jgo
New Contributor II

Thank you! Works perfectly. Appreciate the response.

jgo
New Contributor II

Apparently this is not working. Folks can still connect to the SSL VPN from inside the FortiGate. They've been told not to, and it defeats the purpose, but they don't listen. Has anyone been successful in blocking this ability?

abarushka
Staff

Hello,


Alternatively, you may consider configuring the source address for incoming traffic:


config vpn ssl settings
    set source-address <>
end

FortiGate