Hi,
I am working on an SSL VPN configuration to perform a host check of the PC user1 is connecting from. If the PC is joined to domain1, then give him portal profile A, otherwise give him portal profile B.
Basically, we would like to limit access for non-domain-joined PCs.
I have configured a host check to perform a registry key check for the domain name, which is working fine. However, if the same user tries to connect from a non-domain-joined PC, it does not connect them at all. I would like them to be able to connect, but have limited access and a different IP address.
Does a realm + portal help in your case? With a non-domain PC, try https://wanip/byod, where byod is your new realm that also matches the LDAP user but has no registry key check. The new portal can help to achieve limited access and a different IP address.
Thanks for the quick response, Chris. Anything would help. Can you guide me through a Knowledge Base article which I can use to achieve this?
BTW, one of the requirements is for both domain-joined and non-domain-joined users to use FortiClient to connect to the VPN. Our current configuration allows FortiClient users if they are joined to the domain, and BYOD users use the web portal, and that is also working, but we want both users to use FortiClient and have the host check differentiate between company PC and BYOD.
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/724772/ssl-vpn-multi-realm
This is the realm config example.
The purpose of the realm here is to allow user login from different channels. You can apply with different portals that match different host check, for example, 'domain' portal with domain host registry check and 'BYOD' portal with MAC address check, as well as a different IP address pool.
Thanks Chris, we want the URL to not change. Both machines should be able to connect to VPN and use the same URL.
So, I want the host check to check if the registry key is present; if yes, then give the user Profile Domain, if not, then give the user Profile BYOD.