I am having issues with getting outgoing SSL VPN setup
The VPN is setup as
and must be a member of two groups, one to allow VPN, and the other to determine their web access
Below is my current configuration remote users can connect successfully and 2-factors works, and all users outgoing web access to sites is the same.
Incoming Firewall Policy for VPN
What I am trying to do and it not working is to filter the Outgoing traffic based on the users Active Directory group.
I have created more Firewall Policies like the one below but when activated VPN users always hit the first Firewall policy even if they are not in the active directory group.
I have checked the FortiGate Source rules, and it says if the Source types are different then it’s “AND” and if they are the same its “OR”.
So the example should only be met if all sources are met.
Thanks
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
First of all, try update your FortiOS to 7.2.7. I see there is already FSSO bug fixed on 7.2.5 that may have relationship with your issue.
873313 SSL VPN policy is ignored if no user or user group is set and the FSSO group is set.
In all cases you need update to 7.2.7 to fix the VPN vulnerability if you want to stay safe.
https://docs.fortinet.com/document/fortigate/7.2.7/fortios-release-notes/289806
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.