I'm trying to get the SSL VPN policies working based on groups.
FortiGate 200D cluster
v5.0,build0318 (GA Patch 12).
5-8 different groups on the Firewall.
Each group is polling a RADIUS server (Fortiauthentication) and asking for users in a specified group on that server.
FortiAuthentication is polling my Active Directory server for members of various groups for its own groups.
I know it sounds messy, but everything works. I'm just having some problems on the actual SSL VPN on the firewall.
I just can't get it working with applying the SSL VPN policies.
From what I know, I should do the following:
Policy type: SSL-VPN
Incoming Interface: Outside(wan)
Remote Address: All
Local Interface: Inside_srv
Local Protected Subnet: 192.168.85.0/24
Configure SSL-VPN Authentication Rules
Group(s): just a test group that I'm a member of.
SSL-VPN Portal: full-access (only one that exists)
But this does not work. In order for it to work, I have to apply another normal policy that says from ssl.root --> inside_srv in order for traffic to pass. And in the SSL-VPN policy, I can pretty much specify any network, and traffic still passes with the "normal" policy.