We are moving our SSL VPN tunnel users from Pulse Secure to FortiGate (6.0.6). In Pulse Secure, we can limit access based on the remote user's MAC address. I found https://kb.fortinet.com/k....do?externalID=FD41648 which describes how to configure that for SSL VPN web mode, but a number of our SSL VPN users will be using tunnel mode exclusively. Is there a way to configure a mac-addr-check in tunnel mode via a host check option? If not, is there another way to limit access based on some other unique feature of a remote device?
Kind regards,
Herta
"config vpn ssl web portal" defines profiles for both types of VPN: tunnel mode and web mode. The KB describes only the MAC address check portion of the config in the portal. It should work regardless of the mode the users use. You can even enable both modes in one profile like below.
As a matter of fact, when I enabled the mac-addr-check in a tunnel-mode-enabled profile, it accepted it.
    config vpn ssl web portal
        edit "full-access"
            set tunnel-mode enable
            set ipv6-tunnel-mode enable
            set web-mode enable
            set ip-pools "SSLVPN_TUNNEL_ADDR1"
            set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
            set mac-addr-check enable
        next
    <snip>
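An added example, not part of the original reply or of the KB article: a tunnel-mode-only portal in which the MAC check is paired with an allow rule, since enabling `mac-addr-check` alone does not say which addresses are accepted. The portal name, rule name and MAC address are constructed placeholders; `mac-addr-action` and `mac-addr-check-rule` are the FortiOS portal options that accompany `mac-addr-check`.

```text
# Added example: "tunnel-only", "corp-laptops" and the MAC address
# are constructed placeholders, not values from the thread.
config vpn ssl web portal
    edit "tunnel-only"
        set tunnel-mode enable
        set web-mode disable
        set ip-pools "SSLVPN_TUNNEL_ADDR1"
        # Turn the host MAC check on for this portal
        set mac-addr-check enable
        # Clients whose MAC matches a rule are allowed; others are refused
        set mac-addr-action allow
        config mac-addr-check-rule
            edit "corp-laptops"
                # 48 = match the full address; a shorter mask matches a prefix
                set mac-addr-mask 48
                set mac-addr-list 00:11:22:33:44:55
            next
        end
    next
end
```

The MAC address is reported by the connecting client's host check, so the rule works as a device filter alongside user authentication rather than as a replacement for it.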
Nice. Thanks for your help, Toshi Esumi.