Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
ORIGINAL: blanni I now have both policies in place and everything is working well!That' s strange. You don' t actually need to use an extra ACCEPT policy for SSL VPN traffic, unless there are some kind of firmware bug?
ORIGINAL: blanni I now have both policies in place and everything is working well!That' s strange. You don' t actually need to use an extra ACCEPT policy for SSL VPN traffic, unless there are some kind of firmware bug?
ORIGINAL: blanni **EDIT** I think all of this is exactly what Federico was getting at in his earlier post.Ok, my english is not so good, but that was the info ... Remote routing is configured by the Internet - PortXX rule (with Action SSL_VPN). When you configure the policy with an ANY to LAN1 you are allowing connection to LAN1 from the SSL portal but you are also " passing" LAN1 route to the remote client (if it connect with the VPN client ..). With the ssl.root - PortXX rule (with ACCEPT) you allow the traffic from the VPN ssl client. If you don' t need Portal Access VPN, just add only ping as the service in the SSL portal that you bind to the SSL VPN rule (so if the user connect to the SSL portal instead of using the SSL VPN client, he cannot bypass the ssl.root - PortXX rule). Bye !
Created on 02-08-2013 07:14 AM
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1713 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.