Hello,
we are using FortiGate together with FortiClient. But we also discovered the web vpn access (port 10443).
In the VPN setting you have 3 profiles (Full-Tunnel-Web).
Is there a possibility to give to the people who use the FortiClient VPN the full access profile and when they are using a browser (web vpn) only the web profile?
Kr,
Danny
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
AFAIK No, you could use different users (one for web, another for client) but whichever portal you set highest in the list for the user is the one they are limited to.
But what is it exactly you want to achieve by this? I don't see any advantage.
gschmitt wrote:AFAIK No, you could use different users (one for web, another for client) but whichever portal you set highest in the list for the user is the one they are limited to.
But what is it exactly you want to achieve by this? I don't see any advantage.
Because the FortiClient is only installed on company pc's and when they are using the web vpn the users are using their own or other non secure pc's.
So you want to use different sets of policies depending on your level of trust?
Sorry, I think that can only be done via different users
The only way I can think of doing this would be to add device authentication to your policy. Then you could require that a company PC be used to connect to the full-access portal, while all other devices are sent to the web-access portal.
How feasible this would be depends on how many company PCs you would have to create definitions for.
Technical Writer, FortiOS
Let me know if there's anything you want to see added to the FortiGate Cookbook.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1710 | |
1093 | |
752 | |
446 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.