Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Not applicable

Created on ‎08-18-2006 05:17 PM

SSL-VPN: Restrict destinations by group?

Hi everyone. I' ve been scratching my head on this one: I' d like to restrict what destination IP addresses on the protected network are reachable via ssl-vpn client groups. I thought this would be doable by defining a wide SSL-VPN range, then restricting which addresses were actually assigned on connection via the SSL-VPN group settings (restrict IP tunnel range), and finally creating a SSL-VPN policy which explictly states the source and destinations allowed and assigning the appropriate group(s). It seems as if this should work, but alas; it does not and I' m left banging my head. Everyone SSL-VPN' ing in can access everything on the said protected subnet. What am I missing?
5096
0 Kudos
11 REPLIES 11
OnTheEdge
New Contributor

Created on ‎02-05-2007 04:48 PM

I' m curious, did MR4 actually simplified this ? H@ns
H@ns
H@ns
448
0 Kudos
OnTheEdge
New Contributor

Created on ‎02-09-2007 12:52 PM

Hello, just to let you know that I' ve used this procedure to restrict some users to some IP address in our network. But in our case, users are authenticated thru our RSA Secure ID appliance. It works great but it involves a lot of manual work. I just hope they will ease this a bit in a future release. H@ns
H@ns
H@ns
448
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.