Prevent SSL VPN connection from inside network
One of my customers is complaining they are able to connect to SSL VPN (SAML) from inside their network. Not sure why they're trying to do so but is there an easy way to block this from happening? I've tried running negate from the ssl vpn settings from RFC 1918 addresses but that did not work.
config vpn ssl settings
set source-address-negate enable
set source-address "RFC1918"
end
Thanks in advance for any input
Labels: FortiClient, FortiGate
Hello,
You may consider using a local-in policy. Please find more details by following the link below:
https://docs.fortinet.com/document/fortigate/6.2.12/cookbook/363127/local-in-policies
Thank you! Works perfectly. Appreciate the response.
Apparently this is not working. Folks can still connect to the SSL VPN from inside the FortiGate. They've been told not to and it defeats the purpose, but they don't listen. Has anyone been successful in blocking this ability?
Hello,
Alternatively, you may consider configuring a source address for incoming traffic:
config vpn ssl settings
set source-address <>
end
