force ssl vpn connection for ip subnets

Pkay983 · ‎02-25-2024

Hello,

I'm new with the ssl vpn topic. I'm working for a bigger company with many factories all over the world.

We have a central company vpn solution for accessing the network devices / ressources from mobile working or homeoffice (zscaler). But with this vpn solution we are reaching all devices (in general) all over the world, if they have public addresses.

In this factory we can reach our clients with public addresses for remote support. But we can also reach them from outside factory (with central vpn). Now we want to restrict this access from homeoffice / mobile working with our own vpn (fortigate).

This works already for our private adresses, because there is no route with the central vpn solution, it uses the vpn solution from us. Zscaler must be turned on, otherwise we don't reach the ssl vpn.

Any ideas? Otherwise I would migrate those clients from public to private adderesses.

dbu · ‎02-25-2024

HI @Pkay983 ,

I am not sure if i understood your situation correctly, but you can configure FortiGate and restrict SSL VPN to certain IP addresses, subnets , ip ranges and GEO locations based on countries.
You can achieve this by creating address objects :

Thank you can apply them here on the SSL VPN settings :

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.

Pkay983 · ‎02-25-2024

I want my client to use the Forti SSL VPN Connection for my Clients in the Factory.

but my Client Uses the Company VPN Solution (Zscaler).

Edit: in the routingtable on my client I find the IP-Range pointed to my fortigate ssl vpn, but the client still uses the way over the company zscaler connection.

Private adresses are working fine.