different tunnel
Hi,
I just successfully set up SSL VPN with split tunneling for 10 users. Then suddenly, one of the remote access users need not be on the split tunnel, because he/she basically doesn't need to be split tunneled since he/she won't be using the internet for browsing, mainly just for work.
Is it possible to isolate this specific user? BTW, I'm using a Fortigate 61E.
Thanks
You need to use either an LDAP auth server or Realms to separate user groups and bind different portals: one split, the other no-split. Then set different policies. Below is a cookbook page for realm config.
http://cookbook.fortinet.com/multi-realm-ssl-vpn/
I agree, you need multiple portals. This will allow you to set split-tunnel and tunnel-all on each portal.
Ken
PCNSE
NSE
StrongSwan
I've already set 2 portals:
First portal is: Full-access (tunnel and web). This portal was also set to split tunnel so they can access their internal network and the internet separately.
Second portal is: Tunnel only (no split tunnel).
But whenever I use the non-split tunnel portal, it is not recognized by one of the web servers, which only recognizes the FortiGate's IP.
Thanks
Jeff
