We are considering migrating users from dialup SSL VPN to dialup IPsec
VPN. Curious about best practices for optimum security as well as client
ease of use. One question involves tunnel vs. split tunnel access. Is
this an option when using IPsec VPN....
We have someone traveling and they would like us to not block from a geo
filtering standpoint in Mexico/Caribbean. I would like to give them a
list of countries to pick from for us to unblock. Is there a way to
export this list? Via CLI would be OK t...
We have a number of FortiGate firewalls that we want to create the same
Geo Block Group holding a fairly long list of countries to block. We
don’t have a FortiManager. Does someone have a script to generate this
geo block group on the firewalls from ...
The most common issue we encounter is a client getting on a web page
claiming that they have a virus, must call a number, pay them money,
etc. We use FortiGate firewalls with UTP bundle. We have most of the
Security Profiles within the Policies turne...
I have read many helpful posts concerning SSL VPN security and different
approaches that can be used to improve security. So far we have unique
usernames, strong unique passwords, and geo filtering from the SSL-VPN
Settings / Restrict access to speci...
Thanks hbac. This might be a useful solution. I don't know who to copy
from one firewall configuration and paste into another firewall
configuration. Is there a document that gives further explanation
concerning this process? Is it necessary to reboo...
Thank you both for your posts. We have previously created geo block
lists using these steps successfully. We would like to find a more
efficient way to create these lists. If we have say 50 countries that we
would like to include in these lists, and ...
Thanks. This appears to be a very good solution in the cases that we
know the IP address(s) of those that will connect to the firewall. Where
users are traveling, we will need to take further steps as we won't know
the host IP addresses. We already u...
Thanks rvillaroman. If 'Limit access to specific hosts' and/or use a
local-in policy, will connection attempts that violate these criteria
show up in the VPN login fail logs or will these be denied before the
log records the failure.
