I'm trying to set up a 200F so that multiple AD groups can connect to the site using FortiClient (IPsec, not SSL) for VPN access. Group1 should be allowed to a subset of IPs, Group2 a different set of IPs, etc. Should I just create the groups on the FGT and then make multiple rules from the VPN zone to LAN and just call the respective group in the source for each one? Or will that match all users regardless, since they will have the same source IP (from the DHCP pool)?
You can do it both ways. Have a different VPN portal with a unique IP pool for users based on their AD group membership. Or, put everyone in the same portal with the same IP pool and use firewall policies to restrict access using AD group membership.
On a firewall policy, if you define two rules, each with the same source and destination IP but different source user groups, then you will only match the policy that has the correct user.
Then, create different portals for each respective group with the relevant restrictions in place.
Thanks for the reply. This is for IPsec, so are different portals an option? I know for SSL I would have more options, but I'm not going that route yet.
Hi
For an IPsec tunnel, you could configure "Inherit from policy" on the IPsec phase 1 of the firewall.
Then you could configure the required firewall policy with groups for each policy.
When users connect to the VPN, they would be able to access the required resources based on the firewall policy.
Regards
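The two replies above (one IP pool for everyone, user group set per firewall policy, phase 1 left to inherit the group from the policy) correspond to a configuration along the following lines. This is an added example, not configuration from either poster or from Fortinet; the LDAP server, DN values, interface names, IP pool, address objects and policy IDs are placeholders, and it assumes FortiClient connecting with IKEv2 and EAP (the authusrgrp setting in phase1-interface is deliberately left unset, which is what "Inherit from policy" means in the GUI).

```fortios
# Assumed LDAP connector to the AD domain (placeholder server, DN and bind account).
config user ldap
    edit "AD-LDAP"
        set server "10.0.0.10"
        set cnid "sAMAccountName"
        set dn "dc=example,dc=com"
        set type regular
        set username "cn=svc-fortigate,cn=Users,dc=example,dc=com"
        set password "REPLACE-ME"
    next
end

# One FortiGate user group per AD group; the match block binds it to the AD group DN.
config user group
    edit "VPN-Group1"
        set member "AD-LDAP"
        config match
            edit 1
                set server-name "AD-LDAP"
                set group-name "cn=VPN-Group1,ou=Groups,dc=example,dc=com"
            next
        end
    next
    edit "VPN-Group2"
        set member "AD-LDAP"
        config match
            edit 1
                set server-name "AD-LDAP"
                set group-name "cn=VPN-Group2,ou=Groups,dc=example,dc=com"
            next
        end
    next
end

# Single dialup IPsec phase 1 with one mode-config pool shared by all users.
# No "set authusrgrp" here: the user group is inherited from the firewall policy.
config vpn ipsec phase1-interface
    edit "IPsec-Dialup"
        set type dynamic
        set interface "wan1"
        set ike-version 2
        set peertype any
        set mode-cfg enable
        set ipv4-start-ip 10.212.134.200
        set ipv4-end-ip 10.212.134.250
        set ipv4-netmask 255.255.255.0
        set eap enable
        set eap-identity send-request
        set psksecret "REPLACE-ME"
    next
end

# Address objects: the shared pool plus the per-group destination sets (placeholders).
config firewall address
    edit "IPsec-Pool"
        set type iprange
        set start-ip 10.212.134.200
        set end-ip 10.212.134.250
    next
    edit "Group1-Servers"
        set subnet 192.168.10.0 255.255.255.0
    next
    edit "Group2-Servers"
        set subnet 192.168.20.0 255.255.255.0
    next
end

# Same source interface and source address on both policies; only the user group
# and the destination differ. A user is matched against the policy whose group
# they belong to, not merely against the pool address.
config firewall policy
    edit 10
        set name "VPN-Group1-to-Servers"
        set srcintf "IPsec-Dialup"
        set dstintf "internal"
        set srcaddr "IPsec-Pool"
        set dstaddr "Group1-Servers"
        set groups "VPN-Group1"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 11
        set name "VPN-Group2-to-Servers"
        set srcintf "IPsec-Dialup"
        set dstintf "internal"
        set srcaddr "IPsec-Pool"
        set dstaddr "Group2-Servers"
        set groups "VPN-Group2"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

Two points worth checking after applying something like this: policies are evaluated top-down and first match wins, so no accept policy from "IPsec-Dialup" to the LAN may be left without a user group (such a policy would match every pool address regardless of group), and a user who is in neither AD group will hit the implicit deny, which is the intended outcome. If a user sits in both AD groups, they will match whichever group-scoped policy is listed first, so order the policies deliberately rather than relying on ID numbers.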
Copyright 2024 Fortinet, Inc. All Rights Reserved.