different tunnel

technician · ‎02-14-2018

Hi,

I just successfully setup SSL VPN with split tunneling for 10 users. When suddenly one of the remote access users, one of them need not be split tunnel because he/she basically doesn't need to be split tunneled since he/she won't be using the internet for browsing, mainly just for work.

Is it possible to isolate this specific user? BTW, I'm using a Fortigate 61E.

Thanks

Toshi_Esumi · ‎02-14-2018

You need to use either LDAP auth server or Realms to separate user groups and bind different portals; one split, the other no-split. Then set different policies. Below is one of cookbook page for realm config.

http://cookbook.fortinet.com/multi-realm-ssl-vpn/

emnoc · ‎02-14-2018

I agreed, you need multiple portals. This will allow you to set split-tunnel and tunnel-all to each portal.

Ken

PCNSE

NSE

StrongSwan

technician · ‎02-26-2018

I've already set 2 portals,

First portal is: Full-access (tunnel and web) this portal was also set to split tunnel so they can access their internal and th einternet separately

Second portal is: Tunnel only ( no split tunnel)

But whenever I used the non-split tunnel portal, it is not recognize by one of the web servers which only recognizes the Fortigate's IP.

Thanks

Jeff

different tunnel

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website