Hi!
Since the 5.2 firmware there have been a lot of changes in sslvpn (i.e. the lack of WAN --> ssl.root policies for web-portal).
I use sslvpn very seldom - but now one of my customers upgraded from 5.0 to 5.2.
There are 2 tunnel (sslvpn) configurations and 5 web-portal configurations (for some partners).
In one particular web-portal we want to restrict access to a few (or even one) public IPs, but it doesn't work.
I've built a policy:
Incoming interface - ssl.root
src addr - only_public_IP
src users - partnerX_group_users
Outgoing interface - lan
dst addr - Internal_Server_X
schedule - always
service - any
action - accept
Everything works OK, but I can log in as partnerX and access Internal_Server_X from any public IP!!!!
Since there is no wan-to-ssl.root policy I understand that I can log in to the portal - but IMHO I shouldn't be able to access Internal_Server_X. This is some kind of security issue.
Is it possible to restrict it?
Dominik Weglarz, IT System Engineer