Hello,
I want to use LDAP + client certificate for my SSL VPN.
We use like 20 SSL VPN Portals.
Do I understand correctly that I can either use certificate authentication for everyone or for none? I only want to use it for certain portals.
Thanks
This is possible. You have the option to apply it to the Group - Portal mapping.
See this document: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configuring-SSL-VPN-client-certificate/ta-...
Hello @Andizer ,
This admin guide might also help you.
https://docs.fortinet.com/document/fortigate/7.0.14/administration-guide/751987/ssl-vpn-with-ldap-in...
regards,
Sheikh
That was very helpful, thank you.
However, I have a small problem.
If I remove the user peer, pretty much any certificate that the FortiGate can cross-check is allowed.
Now I only want to allow certificates from a specific CA.
config vpn ssl settings
    config authentication-rule
        edit 13
            set groups "vpn_user_systems_admin-2fa"
            set portal "bbw-systems_admin-2fa"
            set client-cert enable
            set user-peer "CA_Cert_3"
        next
    end
end
While using the user-peer, I can't connect anymore.
config user peer
    edit "CA_Cert_3"
        set ca "CA_Cert_3"
    next
end
I am sure I am missing something.
Additional question: can I set a wildcard like "set cn .company.de"?
*Certificate selection looks fine inside of my forticlient
Thanks
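The check the thread is circling around (a user peer whose CA decides which client certificates pass, optionally narrowed by a CN filter) modelled outside the FortiGate, as an added Go example that is not FortiOS code and not from this thread. The CA names, client CNs and the glob-style CN match (path.Match) are this example's own assumptions for illustration; it says nothing about how FortiOS evaluates "set cn".

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"path"
	"time"
)

// issue creates a certificate for cn: a nil parent yields a self-signed CA, otherwise a
// client-auth leaf signed with parentKey. Returns the parsed cert and its private key.
func issue(cn string, serial int64, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}, NotBefore: time.Now().Add(-time.Hour),
		NotAfter: time.Now().Add(24 * time.Hour), ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if parent == nil {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, parentKey = t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, parentKey) // constructed inputs, errors ignored
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// AcceptClient models a user peer with a CA plus a CN filter: the client cert must chain to
// trustedCA and its CN must match cnGlob (path.Match syntax is this example's assumption).
func AcceptClient(trustedCA, client *x509.Certificate, cnGlob string) bool {
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	_, err := client.Verify(opts) // fails for an unknown issuer, expiry, or wrong key usage
	ok, _ := path.Match(cnGlob, client.Subject.CommonName)
	return err == nil && ok
}

// Demo builds constructed CAs and clients; verdicts: trusted CA + matching CN, other CA + same CN, trusted CA + foreign CN.
func Demo() (bool, bool, bool) {
	trusted, tKey := issue("CA_Cert_3", 1, nil, nil)
	other, oKey := issue("Some-Other-CA", 2, nil, nil)
	good, _ := issue("alice.company.de", 3, trusted, tKey)
	wrongCA, _ := issue("alice.company.de", 4, other, oKey)
	wrongCN, _ := issue("alice.example.org", 5, trusted, tKey)
	return AcceptClient(trusted, good, "*.company.de"), AcceptClient(trusted, wrongCA, "*.company.de"), AcceptClient(trusted, wrongCN, "*.company.de")
}

func main() { fmt.Println(Demo()) } // true false false
```

Only the certificate issued by the trusted CA with a matching CN is accepted; a certificate with the same CN from a different CA, or from the trusted CA with a foreign CN, is refused.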