Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
systemgeek
Contributor

Created on ‎04-25-2024 02:46 PM

SSLVPN Settings Address Range vs SSLVPN Portals Source IP Pools

On the Fortigate under SSL-VPN Settings you need to specify an Address Range.  But you also need to do the same thing under SSL-VPN Portals Source IP Pools.  Presumably if you have multiple portals each one would have their own IP pool.  So why are you forced to enter in the range twice?

Labels:
1304
0 Kudos
1 Solution
hbac
Staff
Staff

Created on ‎04-26-2024 06:12 AM

Hi @systemgeek,

 

IP range under SSLVPN setting is a global setting for all portals. Source IP Pools under SSLVPN portal allows you to override the IP range per portal for more flexibility. You can refer to https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-specific-SSL-VPN-address-...

 

Regards, 

View solution in original post

1216
0 Kudos
6 REPLIES 6
dbu
Staff
Staff

Created on ‎04-25-2024 03:05 PM

HI @systemgeek ,

On the SSL VPN portal you specify which IP sources are allowed to access , while on the SSL VPN settings you are specifying what IP address to assign to the authenticated users.

 

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
1295
ozkanaltas
Valued Contributor III

Created on ‎04-25-2024 11:08 PM

Hello @systemgeek ,

 

I couldn't find any explanation related to that. But in my opinion, Fortigate uses as a fallback IP which is configured IP in the vpn settings.

 

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
1241
funkylicious
SuperUser
SuperUser

Created on ‎04-26-2024 12:19 AM

I think this article will shed some light, https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-SSL-VPN-is-connected-but-is-not-gett...

"jack of all trades, master of none"
"jack of all trades, master of none"
1232
0 Kudos
hbac
Staff
Staff

Created on ‎04-26-2024 06:12 AM

Hi @systemgeek,

 

IP range under SSLVPN setting is a global setting for all portals. Source IP Pools under SSLVPN portal allows you to override the IP range per portal for more flexibility. You can refer to https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-specific-SSL-VPN-address-...

 

Regards, 

1217
0 Kudos
systemgeek
Contributor
In response to hbac

Created on ‎04-26-2024 06:24 AM

So for example I have reserved a /16 for all VPN users.  That /16 is then broken up into /24s for each VPN group.  I should put the /16 into the SSLVPN Settings global setting and then each portal put in the /24 I want to assign to the users of that portal????

 

Sound right for an example?

1212
0 Kudos
hbac
Staff
Staff
In response to systemgeek

Created on ‎04-26-2024 06:31 AM

Hi @systemgeek.,

 

Yes, you are right. 

 

Regards, 

1209
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.