systemgeek
Contributor

SSLVPN Settings Address Range vs SSLVPN Portals Source IP Pools

On the FortiGate under SSL-VPN Settings you need to specify an Address Range. But you also need to do the same thing under SSL-VPN Portals Source IP Pools. Presumably if you have multiple portals each one would have its own IP pool. So why are you forced to enter the range twice?

1 Solution
hbac
Staff

Hi @systemgeek,

 

IP range under SSLVPN setting is a global setting for all portals. Source IP Pools under SSLVPN portal allows you to override the IP range per portal for more flexibility. You can refer to https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-specific-SSL-VPN-address-...

 

Regards, 


6 REPLIES
dbu
Staff

Hi @systemgeek,

On the SSL VPN portal you specify which IP sources are allowed to access, while on the SSL VPN settings you are specifying what IP address to assign to the authenticated users.

 

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
ozkanaltas
Valued Contributor III

Hello @systemgeek ,

 

I couldn't find any explanation related to that. But in my opinion, FortiGate uses the IP configured in the VPN settings as a fallback IP.

 

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
funkylicious
SuperUser

I think this article will shed some light, https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-SSL-VPN-is-connected-but-is-not-gett...

"jack of all trades, master of none"
systemgeek

So, for example, I have reserved a /16 for all VPN users. That /16 is then broken up into /24s for each VPN group. I should put the /16 into the SSLVPN Settings global setting and then, in each portal, put in the /24 I want to assign to the users of that portal?

 

Sound right for an example?

hbac

Hi @systemgeek,

 

Yes, you are right. 

 

Regards, 
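
As an added example (not part of the thread and not Fortinet code), the Python below models the behaviour described in the accepted answer, where a portal's Source IP Pool overrides the global Address Range, and checks an address plan like the /16 split into /24s discussed above. The portal names and 10.212.x.x addresses are constructed assumptions, and the containment and overlap checks validate the plan as described in the thread, not a rule enforced by FortiOS.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan; names and addresses are assumptions for illustration.
GLOBAL_RANGE = "10.212.0.0/16"           # SSL-VPN Settings > Address Range
PORTAL_POOLS = {                         # SSL-VPN Portals > Source IP Pools
    "staff": "10.212.10.0/24",
    "contractors": "10.212.20.0/24",
    "guests": None,                      # no override: uses the global range
}

def effective_pool(portal, pools=PORTAL_POOLS, global_range=GLOBAL_RANGE):
    """Return the network a portal's users draw from: the per-portal
    override when one is set, otherwise the global range."""
    override = pools.get(portal)
    return ipaddress.ip_network(override or global_range)

def check_plan(pools=PORTAL_POOLS, global_range=GLOBAL_RANGE):
    """Return a list of problems in the plan (empty list: plan is consistent)."""
    reserved = ipaddress.ip_network(global_range)
    overrides = {n: ipaddress.ip_network(p) for n, p in pools.items() if p}
    problems = []
    # Every per-portal pool should sit inside the range reserved for VPN users.
    for name, net in overrides.items():
        if not net.subnet_of(reserved):
            problems.append(f"{name}: {net} is outside reserved {reserved}")
    # No two portals should hand out addresses from the same space.
    for (a, na), (b, nb) in combinations(sorted(overrides.items()), 2):
        if na.overlaps(nb):
            problems.append(f"{a} and {b} overlap: {na} / {nb}")
    return problems

if __name__ == "__main__":
    for portal in PORTAL_POOLS:
        print(f"{portal:12} -> {effective_pool(portal)}")
    for problem in check_plan() or ["plan is consistent"]:
        print(problem)
```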
