Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Alexandre1
New Contributor

VPN SSL WEB FILTER AND APP CONTROL

1- I have an SSL VPN and I need that when users connect from home, the internet output must be done through the company's Wan links.

2- I need to apply the Web filter and the application control in this SSL VPN rule

can anyone help?

 

#VPNSSL

 

3 REPLIES 3
pminarik
Staff
Staff

This is a fairly basic scenario. Here's a KB for full-tunnel SSL-VPN - https://docs.fortinet.com/document/fortigate/7.0.9/administration-guide/559546/ssl-vpn-full-tunnel-f....

 

The key elements are:

  1. Ensure that the portal assigned to users has split tunneling disabled
    tunnel-mode SSL-VPN profile with split tunneling disabledtunnel-mode SSL-VPN profile with split tunneling disabled
  2. Ensure that you have an <sslvpn interface> => "wan" firewall policy and enable any relevant UTM inspection profiles in it.
    sample SSL-VPN firewall policy for internet accesssample SSL-VPN firewall policy for internet access

     

[ corrections always welcome ]
Yurisk
Valued Contributor

Just a note - you forgot to enable the NAT on the rule. 

Yuri https://yurisk.info/  blog: All things Fortinet, no ads.
Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
pminarik

Good point!
This was originally a screenshot of a VPN policy directed into the local LAN, with the outgoing interface covered by a new text, where SNAT wouldn't be needed, and I forgot to update that part.

[ corrections always welcome ]
Labels
Top Kudoed Authors