Setting up two separate SSLVPN

genetics · ‎03-25-2025

I am looking to set up two separate SSL-VPN access connections, that would by used by two separate groups, both groups are using the same Fortinet device in one domain. (Example:) Group One: Bill is the admin of the Marketing group and supports 10 users.

Group Two: Zach is the admin of the billing group and supports 10 users. I want to make sure that both groups can access the VPN through separate IP address and separate ports. Environment FortGate 101D, Firmware 7.2.10. Thank-you

AEK · ‎03-25-2025

I'm not sure if it is useful to access SSL VPN through separate ports (I guess you mean TCP ports), but if you need it like that then you need different VDOMs.

Can you explain why do you need separate ports?

AEK

dingjerry_FTNT · ‎03-25-2025

Hi @genetics ,

In the same VDOM, I don't think that you can use separate IP and ports for SSL VPN connections.

However, you may use the SSL VPN realm for your scenario:

https://docs.fortinet.com/document/fortigate/7.2.10/administration-guide/724772/ssl-vpn-multi-realm

Regards,

Jerry

owen911 · ‎03-26-2025

Hi!
Why not marketing group use SSLVPN and Bill Group use remote IPSec.
SSLVPN enables you to create two group and use policies to restrict their access, if the goal is to control their access.

GauravPandya · ‎03-26-2025

I think one of the possible solution is to use realms as suggested by dingjerry_FTNT. You can create 2 separate realms, map user group and portal. For example,

https://<Fortigate_IP>:<port>/sslvpn/Marketing

https://<Fortigate_IP>:<port>/sslvpn/Billing

Setting up two separate SSLVPN

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website