policy for specific user
Hi, I am trying to set up an IPv4 policy for a specific user with fewer limitations. I created the user from LDAP, and even synced the group from LDAP, but when I try to set that user or group as the source, it does not let me Apply; it asks me to add a source: "One address, address group, or Internet service is required". But my user gets a dynamic IP address when connecting with SSL VPN, and I can't select an IP address for this user. Can anyone advise how this can be set up? FGT200, version 6.0.10. Thank you
2 REPLIES
In version 6.4.6 you can configure the policy with source network of SSLVPN tunnel and user or group, in destination anyone else. It works.
As alluded to by ac, you DO have to use a source address. While the user's IP might be dynamic, I'm sure you can predict the range it will be in, so you can define an address object of the entire DHCP range and use that in the policy. Then it will match both the address in X range and the user abc. It will ignore other users in X range because it is AND logic.
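The approach described in the replies, as an added FortiOS CLI example that is not part of the original posts: an address object covering the whole SSL VPN client range, used as the source address together with the LDAP-backed group, so the policy matches only when both conditions hold. The object name, IP range, group name, destination interface and policy name are hypothetical placeholders; `ssl.root` is the default SSL VPN tunnel interface.

```fortios
# Added example; names and addresses below are constructed placeholders.
# Address object spanning the range SSL VPN clients are assigned from.
config firewall address
    edit "SSLVPN_CLIENT_RANGE"
        set type iprange
        set start-ip 10.212.134.200
        set end-ip 10.212.134.210
    next
end

# Policy with both a source address and a user group.
# Traffic must come from the range AND be authenticated as a member of
# the group; other users in the same range do not match this policy.
config firewall policy
    edit 0
        set name "sslvpn-less-restricted"
        set srcintf "ssl.root"
        set dstintf "port1"
        set srcaddr "SSLVPN_CLIENT_RANGE"
        set dstaddr "all"
        set groups "LDAP-LessRestricted"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
```

Policies are evaluated top down, so this one has to sit above the more restrictive general SSL VPN policy for the same range, otherwise the general policy matches first.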
