Hi,
I am new to FortiGate and just configured remote access VPN for FortiClient to our FortiGate cluster. I created firewall rules from the IP address pool to the internal network; however, some rules I would like to narrow down to specific VPN users.
I have added 2 LDAP users to the firewall, which are also using FortiTokens for MFA.
For example I want only user1 to be able to access internet in the following configuration. Is it just a matter of adding User1 to the source of the rule?
    config user local
        edit "User1"
            set type ldap
            set two-factor fortitoken
            set fortitoken "xxxxxxxxxxxxxx"
            set email-to "user1@mail.com"
            set ldap-server "Ldap-server"
        next
    end

    config firewall policy
        edit 245
            set name "RA_Users Web Access"
            set uuid 13c77ac4-3ca4-51ea-d2bd-4dd6af20a26e
            set srcintf "RAVPN"
            set dstintf "Untrust"
            set srcaddr "RA_IP-pool"
            set dstaddr "all"
            set action accept
            set schedule "always"
            set service "ALL"
            set utm-status enable
            set logtraffic all
            set fsso disable
            set comments "RA Users Web Access policy"
            set av-profile "xxxxx"
            set webfilter-profile "xxxxxxxx"
            set ips-sensor "default"
            set ssl-ssh-profile "certificate-inspection"
            set nat enable
        next
    end
Many thanks,
Jan
Hello,
You need to add a group with that user selected in the VPN config:
https://kb.fortinet.com/kb/documentLink.do?externalID=FD36413
Regards.
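A worked configuration for the approach in the reply above, added here as an example; it is not taken from the original post or from the linked KB article. It shows a user group containing User1, that group authorised at the VPN, and the web-access policy matched on the group rather than on the address pool alone. FortiOS 6.x/7.x CLI syntax is assumed, the group name "RA_Web_Users" and portal name "tunnel-access" are made up for the example, and the VPN is assumed to be SSL VPN tunnel mode terminating on the "RAVPN" interface (for IPsec dial-up the policy part is the same, but the group is authorised on the phase1 instead).

```fortios
# Added example, not the original poster's configuration. Assumes FortiOS 6.x/7.x CLI.
# Group "RA_Web_Users" and portal "tunnel-access" are assumed names.

# 1. Put the user(s) who may reach the internet in a group. The user object keeps
#    its FortiToken two-factor setting; group membership does not change it.
config user group
    edit "RA_Web_Users"
        set member "User1"
    next
end

# 2. Authorise the group at the VPN itself (SSL VPN tunnel mode assumed). A user
#    that matches no authentication-rule cannot log in to the VPN at all.
config vpn ssl web portal
    edit "tunnel-access"
        set tunnel-mode enable
        set ip-pools "RA_IP-pool"
    next
end
config vpn ssl settings
    config authentication-rule
        edit 1
            set groups "RA_Web_Users"
            set portal "tunnel-access"
        next
    end
end

# 3. Match the policy on the group, not only on the pool address. Every user who
#    authenticated to the VPN receives an address from RA_IP-pool, so "srcaddr"
#    alone cannot tell User1 from User2; "set groups" can.
config firewall policy
    edit 245
        set name "RA_Users Web Access"
        set srcintf "RAVPN"
        set dstintf "Untrust"
        set srcaddr "RA_IP-pool"
        set dstaddr "all"
        set groups "RA_Web_Users"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set logtraffic all
        set av-profile "xxxxx"
        set webfilter-profile "xxxxxxxx"
        set ips-sensor "default"
        set ssl-ssh-profile "certificate-inspection"
        set nat enable
    next
end
```

Two checks are worth doing after this. Policies are evaluated top-down and the first match wins, so make sure no broader RAVPN-to-Untrust policy without a group sits above policy 245, or User2 would still match that one. To see which users and groups the unit currently recognises on authenticated sessions, run `diagnose firewall auth list`; the forward-traffic log for policy 245 also records the user name, which is what the group match is keyed on. A single user can also be named directly on the policy with `set users "User1"`, but a group is easier to maintain when the second user needs the same access later.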
Thanks Makco10,
I'll have a look into that.
Jan
Copyright 2024 Fortinet, Inc. All Rights Reserved.