Hello,
All my users are in a LDAP group "Users".
All my admins are in LDAP group "Admins" and "Users"
I have a SSL VPN portal for all users (Group Users).
I have created a specific portal for all admins.
But the admins are recognized like simple users.
They are a possibility to do this ? Because i tried to change order but nothing change, my admins are seen like simple users.
Thks
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
There are more to have two user groups backed by one Auth server than just separate portals. You need to have separate policy sets after defining two different user groups.
But even if you do that, admin users might not be consistently recognized as admin users if the username is the same. Because the FGT asks authentication for all possible groups for SSL VPN even if they're authenticated by different auth servers. Then accepts the first affirmative reply.
Read the @Debbie_FTNT 's KB below:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-A-quick-guide-to-FortiGate-SSL-VPN-authent...
So your option would be using "realms" so that the user can specify which group to log on by themselves, unless you can/want to define different usernames for admin users, like Sylvanar_a.
Below @fernandezm_FTNT's KB explain how to configure realm based SSL VPN in GUI.
https://community.fortinet.com/t5/Blogs/Deploying-SSL-VPNs-Using-Multiple-Realms/ba-p/238145
But it's basically the same with the old cookbook like below, which is based on CLI:
https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/724772/ssl-vpn-multi-realm
Toshi
There are more to have two user groups backed by one Auth server than just separate portals. You need to have separate policy sets after defining two different user groups.
But even if you do that, admin users might not be consistently recognized as admin users if the username is the same. Because the FGT asks authentication for all possible groups for SSL VPN even if they're authenticated by different auth servers. Then accepts the first affirmative reply.
Read the @Debbie_FTNT 's KB below:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-A-quick-guide-to-FortiGate-SSL-VPN-authent...
So your option would be using "realms" so that the user can specify which group to log on by themselves, unless you can/want to define different usernames for admin users, like Sylvanar_a.
Below @fernandezm_FTNT's KB explain how to configure realm based SSL VPN in GUI.
https://community.fortinet.com/t5/Blogs/Deploying-SSL-VPNs-Using-Multiple-Realms/ba-p/238145
But it's basically the same with the old cookbook like below, which is based on CLI:
https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/724772/ssl-vpn-multi-realm
Toshi
Thank you for your answer, i will try this.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.