Force SSL VPN connection for IP subnets
Hello,
I'm new to the SSL VPN topic. I'm working for a bigger company with many factories all over the world.
We have a central company VPN solution for accessing the network devices / resources from mobile working or home office (Zscaler). But with this VPN solution we are reaching all devices (in general) all over the world, if they have public addresses.
In this factory we can reach our clients with public addresses for remote support. But we can also reach them from outside the factory (with the central VPN). Now we want to restrict this access from home office / mobile working with our own VPN (FortiGate).
This already works for our private addresses because there is no route with the central VPN solution; it uses the VPN solution from us. Zscaler must be turned on, otherwise we don't reach the SSL VPN.
Any ideas? Otherwise I would migrate those clients from public to private addresses.
Labels: FortiClient, FortiGate
Hi @Pkay983,
I am not sure if I understood your situation correctly, but you can configure FortiGate and restrict SSL VPN to certain IP addresses, subnets, IP ranges and geo locations based on countries.
You can achieve this by creating address objects:
Then you can apply them here on the SSL VPN settings:
If you have found a solution, please like and accept it to make it easily accessible for others.
Created on ‎02-25-2024 10:26 AM Edited on ‎02-25-2024 11:07 AM
I want my client to use the Forti SSL VPN connection for my clients in the factory,
but my client uses the company VPN solution (Zscaler).
Edit: In the routing table on my client I find the IP range pointed to my FortiGate SSL VPN, but the client still uses the way over the company Zscaler connection.
Private addresses are working fine.
