Hi, I'm configuring usergroup bookmark in VPN SSL Portals, but it's not working as expected. Here is my configuration:
EUREPFWMAT1 (Tecnocampus) # config vpn ssl web user-group-bookmark
EUREPFWMAT1 (user-group-bookmark) # show
config vpn ssl web user-group-bookmark
edit "G-Bookmarks-EC_Commercial"
config bookmarks
edit "Commercial1Server"
set apptype rdp
set host "172.20.10.74"
set server-layout failsafe
set port 3389
next
edit "Commercial2Server"
set apptype rdp
set host "172.20.46.217"
set server-layout failsafe
set port 3389
next
end
next
edit "G-Bookmarks-EC_Financial"
config bookmarks
edit "FinancialServer1"
set apptype rdp
set host "172.20.46.237"
set server-layout failsafe
set port 3389
next
edit "FinancialServer2"
set apptype rdp
set host "172.20.46.238"
set server-layout failsafe
set port 3389
nextt
end
next
end
Then I have multiple users, some of them are belong to "G-Bookmarks-EC_Commercial" and others to "G-Bookmarks-EC_Financial"
In VPN SSL Settings -> Portal Mapping, both groups are mapped to the same portal, named "EC_PortalCorp".
Finally, i have a rule that allow the VPNSSL network and both groups to access to networks 172.20.0.0/16
config firewall policy
edit 1
set name "EC_vpnsslTC_MATTOInside"
set uuid d16741be-1eab-51e7-1cff-37cd62056087
set srcintf "ssl.Tecnocampus"
set dstintf "VDL_Root-TC0"
set srcaddr "EC_vpnSSLCorp_MAT"
set dstaddr "EC_ALL_BCN-net"
set action accept
set schedule "always"
set service "ALL"
set groups "G-Bookmarks-EC_Financial" "G-Bookmarks-EC_Commercial"
next
When I log in with a user that belongs to financial group, the bookmarks inside VPN Portal are mapped, and if i log with a commercial user, the respective bookmarks are mapped too, so up to here all is OK!
The problem comes when I include a user (xavidpr4) in both groups. I was expecting that bookmarks from two groups were mapped, but instead of that, only one group applies. I debuged the VPN SSL login and this is the output. Seems that only match one group:
2017-04-13 10:51:00 [3367:Tecnocampus:2b1]deconstruct_session_id:363 decode session id ok, user=[xavidpr4],group=[G-Bookmarks-EC_Financial],portal=[EC_PortalCorp],host=[XX.YY.76.10],realm=[],idx=0,auth=16,sid=3f8ef619, login=1492073460, access=1492073460
2017-04-13 10:51:00 [3367:Tecnocampus:2ad]req: /remote/portal?access=admin
2017-04-13 10:51:00 [3367:Tecnocampus:2ad]deconstruct_session_id:363 decode session id ok, user=[xavidpr4],group=[G-Bookmarks-EC_Financial],portal=[EC_PortalCorp],host=[XX.YY.76.10],realm=[],idx=0,auth=16,sid=3f8ef619, login=1492073460, access=1492073460
2017-04-13 10:51:00 [3367:Tecnocampus:2ac]req: /remote/portal
2017-04-13 10:51:00 [3367:Tecnocampus:2ac]deconstruct_session_id:363 decode session id ok, user=[xavidpr4],group=[G-Bookmarks-EC_Financial],portal=[EC_PortalCorp],host=[XX.YY.76.10],realm=[],idx=0,auth=16,sid=3f8ef619, login=1492073460, access=1492073460
Hi,
have you found any solution to this problem?
Best Regards
Dominik
NSE 4/5/7
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.