Is it possible for users to select different VPN profiles upon connection? i.e., present a split tunnel and full route option... Ideally I would like to tunnel everything for logging and protection purposes, but there is some mgmt concern, yet they want to offer full routing for Starbucks, public hotspots, etc... The concern is large items like Microsoft updates, etc...
Yes, in a Fortinet FortiGate environment, it's possible to configure multiple VPN profiles that users can select from, depending on their needs. You can set up different profiles to handle various scenarios, such as split tunneling (where only specific traffic is routed through the VPN) and full tunneling (where all traffic is routed through the VPN).
Here's a general outline of how you might accomplish this:
### 1. Define Different VPN Profiles

Create multiple VPN profiles within the FortiGate to cater to different scenarios. For instance:

- **Full Tunnel Profile**: This profile would route all traffic through the VPN, providing maximum security and logging.
- **Split Tunnel Profile**: This profile would only route specific traffic (e.g., corporate resources) through the VPN, allowing other traffic to bypass the VPN. This could be useful for large downloads like Microsoft updates.

### 2. Configure SSL VPN Portals

Set up different SSL VPN portals for each profile. Users will be able to choose the appropriate portal based on their needs.

### 3. Configure Group Policies

You might also want to define different group policies for different user roles, determining who has access to which VPN profiles.

### 4. Educate Users

Make sure users are aware of the different profiles and when to use them. You might need to create some documentation or training to ensure that they make the right choice for their situation.

### 5. Monitor and Log Traffic

Since one of your goals is logging and protection, make sure to configure appropriate logging for both profiles to keep track of what's happening on the network.

### Considerations

- **Security**: Full tunneling offers more control and security, but it might not always be practical. Split tunneling could expose risks if not configured correctly.
- **Performance**: Full tunneling can put more load on your VPN servers, especially if users are downloading large files like OS updates.
- **User Experience**: Offering multiple profiles provides flexibility but can also add complexity for the users. Clear guidelines and support can mitigate this.
Remember, configuring VPNs is a complex task that requires careful consideration of your specific needs and the security implications of different configurations. It may be beneficial to consult with a network security expert or refer to the FortiGate documentation to ensure that you're configuring these options in a way that meets your organization's requirements.
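The outline in the answer above, sketched as a FortiOS CLI fragment. This is an added example, not part of the original answer and not Fortinet's own configuration. It assumes SSL VPN tunnel mode is available on the FortiOS release in use, that the default `SSLVPN_TUNNEL_ADDR1` pool exists, and it uses placeholder names for the address object (`corp-lan`), user group (`vpn-users`), portals and realm (`split`).

```fortios
# Constructed example: every object, group, portal and realm name is a placeholder.

# Corporate subnet that the split-tunnel profile routes through the VPN
config firewall address
    edit "corp-lan"
        set subnet 10.10.0.0 255.255.0.0
    next
end

# Realm that gives the split-tunnel profile its own login path (/split)
config vpn ssl web realm
    edit "split"
    next
end

config vpn ssl web portal
    # Full tunnel: all client traffic is sent to the FortiGate
    edit "full-tunnel"
        set tunnel-mode enable
        set split-tunneling disable
        set ip-pools "SSLVPN_TUNNEL_ADDR1"
    next
    # Split tunnel: only routes for "corp-lan" are pushed to the client
    edit "split-tunnel"
        set tunnel-mode enable
        set split-tunneling enable
        set split-tunneling-routing-address "corp-lan"
        set ip-pools "SSLVPN_TUNNEL_ADDR1"
    next
end

# Map the same user group to a different portal depending on the realm used
config vpn ssl settings
    config authentication-rule
        edit 1
            set groups "vpn-users"
            set portal "full-tunnel"
        next
        edit 2
            set groups "vpn-users"
            set portal "split-tunnel"
            set realm "split"
        next
    end
end
```

With this layout the user selects a profile by the gateway address saved in the client: the base address maps to the full-tunnel portal and the `/split` path maps to the split-tunnel portal. Internet-bound traffic from the full-tunnel profile also needs a firewall policy from the SSL VPN interface to the WAN interface, which is where logging and inspection are applied.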