Created on 01-22-2024 05:11 AM Edited on 02-26-2024 03:27 AM By Kate_M
Hi all,
Is there a way to restrict SSL-VPN access solely to the FQDN, disallowing users from accessing the web portal via the IP address? We prefer users to only use the FQDN for access.
OR
Can we use multiple server certificates that cover both IP and FQDN, eliminating certificate warnings?
Any lead?
Hi @Fort-zender,
There is no way to allow FQDN and deny IP address, as FortiGate always sees traffic coming from IP addresses. FQDN is resolved at the client side.
To avoid the certificate warning, you can add the FortiGate's IP address to the SAN field of the certificate: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Adding-SAN-Subject-Alternative-Name-while/...
Regards,
Hello
I don't think FGT can deny VPN by IP and allow with FQDN.
On the other hand, you can have one single private or public certificate for both IP and FQDN.
Hi @Fort-zender,
You can use a SAN certificate for both FQDN and IP.
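
The SAN approach from the replies above, as an added example that is not part of the original thread: it builds a CSR carrying both a DNS entry and an IP entry and checks both before the request goes to a CA. Generating the CSR with OpenSSL on a workstation is an assumption, the function names are hypothetical, and `vpn.example.com` / `203.0.113.10` are constructed placeholder values.

```shell
#!/usr/bin/env bash
# Added example: CSR whose SAN covers the portal FQDN and its IP address.
# All names and values below are constructed placeholders.

# make_san_csr FQDN IP OUTDIR -> writes OUTDIR/portal.key and OUTDIR/portal.csr
make_san_csr() {
    local fqdn="$1" ip="$2" out="$3"
    mkdir -p "$out" || return 1
    # A config file keeps this working on OpenSSL builds without -addext.
    cat > "$out/csr.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = v3_req
[dn]
CN = $fqdn
[v3_req]
subjectAltName = @alt
[alt]
DNS.1 = $fqdn
IP.1 = $ip
EOF
    # Private key is created with owner-only permissions.
    (umask 077; openssl genrsa -out "$out/portal.key" 2048 2>/dev/null) || return 1
    openssl req -new -key "$out/portal.key" -config "$out/csr.cnf" \
        -out "$out/portal.csr"
}

# csr_has_san CSR TYPE VALUE -> exit 0 if the SAN holds that exact entry.
# TYPE is "DNS" or "IP". Clients match an IP literal only against IP-type
# entries, so an address listed as a DNS entry still triggers a warning.
csr_has_san() {
    local csr="$1" type="$2" value="$3" label="$2"
    [ "$type" = "IP" ] && label="IP Address"
    openssl req -in "$csr" -noout -text \
        | grep -A1 'Subject Alternative Name' \
        | tr ',' '\n' | sed 's/^ *//; s/ *$//' \
        | grep -Fxq "$label:$value"
}
```

Running `csr_has_san` for both the `DNS` and the `IP` entry before submission catches the common mistake of entering the address as a second DNS name.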