- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDDoS
- FortiDAST
- FortiDB
- FortiDNS
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiGate Cloud
- FortiExtender
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- FortiWebCloud
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- restrict SSL VPN traffic to RDP
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
restrict SSL VPN traffic to RDP
SSL VPN up and working great but I want to restrict the VPN traffic to RDP only to protect the internal network from issues with remote users.
The native RDP client in SSL VPN doesn' t work for our needs.
Whenever I change the Service from anything but ANY there are issues with the SSL VPN tunnel.
What am I missing? Thanks in advance.
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I still have no solution. Any ideas from anyone why this doesn' t work?
SSL VPN is great but I don' t need to open the entire LAN to remote users, just a single service.
Advice appreciated!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In the advanced section of the User Group, choose an IP range that tunnel users will appear under. Then create a Policy -> Address Range that duplicates this, and use it in the corresponding Policy. This will restrict these users only to what the policy will allow. The tunnel range must consist of IP addresses that reside on the Fortinet interface, or it won' t work.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the response, but this still isn' t 100% clear to me.
I have my SSL VPN rule in place WAN > Internal. Source - ALL, Dest - ALL, Service ANY. Altering that policy in any way breaks the SSL VPN.
I have my SSL VPN IP Range address group created. Do I create another WAN > Internal policy and specify the SSL VPN IP' s as the source? Won' t the other SSL VPN policy of ALL > ALL override that?
All I want to do is restrict SSL VPN clients to RDP only.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The policy you have in place affects all traffic. If you wish to only affect SSL VPN traffic, you need a policy that starts with the same source IP range as the SSL VPN traffic. As the Fortigate reads through the policies, it will act on the first one that ' fits' the source, destination and service conditions. If this SSL VPN policy is on the top, then that' s the one the SSL VPN users will hit.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Not applicable
Created on 01-29-2007 02:19 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Config FW rule for SSL-VPN to only allow RDP to a IP-range.
Regards, Eric
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- Curious about Web Portal for SSLVPN 102 Views
- Public IP Hand-off 55 Views
- fortivpn creates tunnel but does not... 82 Views
- FortiWeb Routes Issue 119 Views
- Clarity for PSIRT advisory FG-IR-23-446 178 Views
Labels
-
FortiGate
7,287 -
FortiClient
1,438 -
5.2
801 -
5.4
639 -
FortiManager
628 -
FortiAnalyzer
471 -
6.0
416 -
FortiSwitch
380 -
FortiAP
380 -
5.6
362 -
FortiClient EMS
297 -
FortiMail
284 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
179 -
FortiNAC
130 -
6.4
128 -
FortiGuard
117 -
SSL-VPN
115 -
IPsec
112 -
FortiGateCloud
97 -
FortiSIEM
96 -
FortiCloud Products
90 -
FortiToken
79 -
Customer Service
71 -
Wireless Controller
66 -
4.0MR3
64 -
SD-WAN
55 -
FortiProxy
50 -
FortiEDR
46 -
FortiADC
45 -
Fortivoice
44 -
FortiDNS
42 -
FortiAuthenticator
38 -
FortiSandbox
37 -
Firewall policy
37 -
FortiGate v5.4
36 -
FortiExtender
35 -
VLAN
33 -
FortiSwitch v6.4
32 -
High Availability
32 -
DNS
26 -
ZTNA
24 -
FortiWAN
24 -
LDAP
24 -
FortiConnect
24 -
FortiConverter
23 -
BGP
22 -
Interface
22 -
Certificate
21 -
SAML
21 -
FortiGate v5.2
21 -
Authentication
19 -
Routing
19 -
FortiPortal
18 -
FortiLink
18 -
FortiSwitch v6.2
17 -
VDOM
17 -
Logging
16 -
FortiMonitor
15 -
RADIUS
15 -
NAT
15 -
FortiGate v5.0
14 -
Fortigate Cloud
14 -
FortiDDoS
14 -
Web profile
13 -
Virtual IP
13 -
SSL SSH inspection
13 -
Application control
12 -
FortiCASB
12 -
Traffic shaping
11 -
SSO
10 -
FortiRecorder
10 -
SSID
9 -
FortiWeb v5.0
9 -
IP address management - IPAM
9 -
FortiManager v5.0
9 -
OSPF
9 -
4.0MR2
9 -
WAN optimization
9 -
Web application firewall profile
8 -
Static route
8 -
RMA Information and Announcements
8 -
FortiSOAR
8 -
Proxy policy
8 -
FortiAnalyzer v5.0
8 -
FortiBridge
8 -
SNMP
8 -
FortiAP profile
8 -
FortiGate v4.0 MR3
8 -
Admin
8 -
Security profile
7 -
Automation
7 -
4.0
7 -
Traffic shaping policy
6 -
trunk
6 -
IPS signature
5 -
Packet capture
5 -
Port policy
5 -
Antivirus profile
5 -
System settings
5 -
DNS Filter
5 -
FortiCache
5 -
FortiTester
5 -
FortiManager v4.0
5 -
FortiDeceptor
4 -
FortiDirector
4 -
Web rating
4 -
Intrusion prevention
4 -
Traffic shaping profile
4 -
FortiPAM
4 -
Fortinet Engage Partner Program
4 -
FortiCarrier
4 -
3.6
4 -
FortiScan
4 -
DLP sensor
4 -
DoS policy
4 -
Email filter profile
3 -
Fabric connector
3 -
NAC policy
3 -
Users
3 -
Multicast routing
3 -
FortiToken Cloud
3 -
Application signature
3 -
DLP Dictionary
3 -
FortiDB
3 -
DLP profile
3 -
FortiInsight
2 -
Netflow
2 -
Protocol option
2 -
Zone
2 -
FortiNDR
2 -
FortiAI
2 -
FortiHypervisor
2 -
Schedule
2 -
Authentication rule and scheme
2 -
Explicit proxy
2 -
Internet Service Database
2 -
VoIP profile
2 -
4.0MR1
1 -
File filter
1 -
RIP
1 -
Multicast policy
1 -
FortiCWP
1 -
Kerberos
1 -
Subscription Renewal Policy
1 -
TACACS
1 -
Replacement messages
1 -
FortiManager-VM
1 -
SDN connector
1 -
Service
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.