FortiGate
achowdhury
Staff
Article Id 197399
Description
In some scenarios, SSL VPN listens on two interfaces.
This article explains how to restrict a specific user to a specific listening interface.


Solution
Note: In the following configuration there are two source interfaces, port13 and wan1, and authentication rules 1 and 2 do not specify a source-interface or source-address.
In that case, both users can connect through both listening interfaces, port13 and wan1.
# config vpn ssl settings
    set servercert "Fortinet_Factory"
    set tunnel-ip-pools "SSLVPN_TUNNEL_ADDR1"
    set tunnel-ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
    set source-interface "port13" "wan1"
    set source-address "all"
    set source-address6 "all"
    set default-portal "web-access"
    config authentication-rule
        edit 1
            set users "arifnoor"
            set portal "full-access"
        next
        edit 2
            set users "chowdhury"
            set portal "full-access"
        next
    end
end
To restrict each user to one interface (for example, "arifnoor" may connect only on wan1 and "chowdhury" only on port13), set source-interface and source-address inside each authentication rule:
# FG201E-1 (settings) # sh
config vpn ssl settings
    set servercert "Fortinet_Factory"
    set tunnel-ip-pools "SSLVPN_TUNNEL_ADDR1"
    set tunnel-ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
    set source-interface "port13" "wan1"
    set source-address "all"
    set source-address6 "all"
    set default-portal "web-access"
    config authentication-rule
        edit 1
            set source-interface "wan1"
            set source-address "all"
            set users "arifnoor"
            set portal "full-access"
        next
        edit 2
            set source-interface "port13"
            set source-address "all"
            set users "chowdhury"
            set portal "full-access"
        next
    end
end
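To check which listening interfaces each authentication rule actually grants, here is an added Python audit script (not from the article or from Fortinet); it parses a constructed "show" dump modelled on the configuration above and flags any rule that, lacking its own source-interface, inherits every listening interface.

```python
import re

# Constructed sample modelled on the article: two listening interfaces,
# rule 1 pinned to wan1, rule 2 left without a source-interface.
SAMPLE_CONFIG = """\
config vpn ssl settings
    set source-interface "port13" "wan1"
    config authentication-rule
        edit 1
            set source-interface "wan1"
            set users "arifnoor"
            set portal "full-access"
        next
        edit 2
            set users "chowdhury"
            set portal "full-access"
        next
    end
end
"""

def parse_ssl_settings(text):
    """Return (listening_interfaces, {rule_id: {key: [values]}}) from a
    'config vpn ssl settings' dump (line-based; assumes standard output)."""
    listen, rules, current, in_rules = [], {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "config authentication-rule":
            in_rules = True
        elif in_rules and line.startswith("edit "):
            current = int(line.split()[1])
            rules[current] = {}
        elif in_rules and line in ("next", "end"):
            in_rules = line == "next"   # 'end' closes the rule table
            current = None
        elif line.startswith("set "):
            key, _, rest = line[4:].partition(" ")
            values = re.findall(r'"([^"]*)"', rest) or rest.split()
            if current is not None:
                rules[current][key] = values
            elif key == "source-interface":   # global listening interfaces
                listen = values
    return listen, rules

def audit(text):
    """Per rule: users, the interfaces they can log in from (the rule's own
    source-interface, else every listening interface), and a restriction flag."""
    listen, rules = parse_ssl_settings(text)
    return {rid: {"users": r.get("users", []),
                  "interfaces": r.get("source-interface", listen),
                  "unrestricted": "source-interface" not in r}
            for rid, r in sorted(rules.items())}
```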
