I have a VIP address that is available to my internal users. It's not linked to a specific interface (any), so the FortiGate listens on all the interfaces.
From the GUI I can't create a policy with source ssl.root and destination the VLAN where the VIP belongs; it gives an error.
Has anyone noticed this behavior? I was able to create such a policy in FortiOS 5.2.
Thanks for any feedback!
What is the error? Can you do it from the CLI? Was it working before 5.4?
Ken
PCNSE
NSE
StrongSwan
Hi, the error is "Some changes failed to save". On FortiOS 5.2.X I can create a policy like this.
Thanks!
Try it from the command line and copy the configuration to this thread,
e.g.

    config firewall policy
        edit 2092
            set uuid 4ba384b4-2acf-51e7-0625-d4a5431bbd04
            set srcintf "ssl.root"
            set dstintf "NETWORKRED01"
            set srcaddr "SSLVPN_TUNNEL_ADDR1"
            set dstaddr "VIP_WEBSERVER01"
            set action accept
            set schedule "always"
            set service "HTTP" "HTTPS" "PING"
        next
    end

PCNSE
NSE
StrongSwan
Hi, creating the policy via the CLI works. The only problem is that I can't use the "set groups" command to restrict access to the SSL VPN portal group, and this permits access to the VIP resource to all the SSL VPN portals (and users).
Anyway it works :)
Thanks
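
The last reply notes that a policy from ssl.root without a group restriction lets every SSL VPN user reach the VIP. The following is an added example, not part of the thread or any Fortinet tooling: a Python check that parses the text of a `config firewall policy` section (as printed by `show firewall policy`) and lists accept policies sourced from `ssl.root` that carry neither `set groups` nor `set users`. The policy IDs, the group name and the sample config are constructed for illustration.

```python
import shlex

# Constructed sample (not from the thread). Policy 10 mirrors the CLI-created
# policy discussed above; the group name in policy 11 is hypothetical.
SAMPLE_CONFIG = """
config firewall policy
    edit 10
        set srcintf "ssl.root"
        set dstaddr "VIP_WEBSERVER01"
        set action accept
    next
    edit 11
        set srcintf "ssl.root"
        set dstaddr "VIP_WEBSERVER01"
        set action accept
        set groups "SSLVPN_WEB_USERS"
    next
    edit 12
        set srcintf "port1"
        set dstaddr "VIP_WEBSERVER01"
        set action accept
    next
end
"""

def parse_policies(text):
    """Return {policy_id: {option: [values]}} from 'config firewall policy' text."""
    policies, current, in_section = {}, None, False
    for raw in text.splitlines():
        tokens = shlex.split(raw) or [""]  # handles quoted, multi-value options
        if tokens[:3] == ["config", "firewall", "policy"]:
            in_section = True
        elif in_section and tokens[0] == "edit" and len(tokens) > 1:
            current = policies.setdefault(tokens[1], {})
        elif in_section and tokens[0] == "set" and current is not None and len(tokens) > 2:
            current[tokens[1]] = tokens[2:]
        elif tokens[0] == "next":
            current = None
        elif tokens[0] == "end":
            in_section = False
    return policies

def unrestricted_sslvpn_policies(text, vpn_intf="ssl.root"):
    """IDs of accept policies from the SSL VPN interface with no user/group match."""
    return [pid for pid, opts in parse_policies(text).items()
            if vpn_intf in opts.get("srcintf", [])
            and opts.get("action") == ["accept"]
            and not opts.get("groups") and not opts.get("users")]
```

Calling `unrestricted_sslvpn_policies(SAMPLE_CONFIG)` returns `['10']`, the policy that any authenticated SSL VPN user can match.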