User1 of User1Group1 from PC1 with Public_IP_1 can connect to ssl_vpn.
Scenario 2.
User2 of User2Group2 from PC2 with Public_IP_1 cannot connect to ssl_vpn.
3) Create SSL-VPN portal.
- Go to VPN -> SSL -> Portals.
- Configure the portal 'full-access-1'.
4) Configure SSLVPN connection settings.
Go to VPN -> SSL -> Settings.
- Select the listen external interface, listen port.
- Restrict access to SSLVPN to the public IPs previously defined (Public_IP_1, Public_IP_2).
- Associate user/group to SSLVPN Portals.
Note:
So far the address groups have been associated to the portal, but there is not yet an exclusive restriction by public IP: user1 can access from both 'Public_IP_1' and 'Public_IP_2'.
The following CLI-only configuration of authentication-rule under the VPN SSL settings provides the requested behavior.
- Go to CLI via SSH and specify source-interface (port3 only in this case) and source-address per authentication rule.
# config vpn ssl settings
    config authentication-rule
        edit 1
            set source-interface "port3"
            set source-address "Public_IP_1"
            set groups "User1Group1"
            set portal "full-access-1"
        next
        edit 2
            set source-interface "port3"
            set source-address "Public_IP_2"
            set groups "User2Group2"
            set portal "full-access-1"
        next
    end
end
5) Configure policy.
Go to Policy & Objects -> Policy -> IPv4.
Test 1.
Try to log in from Public_IP_1 with User1 and User2.
Test 2.
Try to log in from Public_IP_2 with User1 and User2.
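The outcome Test 1 and Test 2 should produce can be checked offline against a configuration backup. The following is an added example, not Fortinet code: it parses the authentication-rule block shown above, flags any rule that lacks a source-address, and evaluates a login with a simplified matching model (an assumption, not the FortiOS implementation) that compares address object names rather than real IP addresses. The function names are hypothetical.

```python
import shlex

# Constructed sample: the authentication-rule block from the steps above.
SAMPLE = '''
config vpn ssl settings
    config authentication-rule
        edit 1
            set source-interface "port3"
            set source-address "Public_IP_1"
            set groups "User1Group1"
            set portal "full-access-1"
        next
        edit 2
            set source-interface "port3"
            set source-address "Public_IP_2"
            set groups "User2Group2"
            set portal "full-access-1"
        next
    end
end
'''

def parse_rules(text):
    """Return {rule_id: {option: [values]}} for each 'edit N' entry."""
    rules, current = {}, None
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] == "edit":
            current = rules.setdefault(tok[1], {})
        elif tok[0] == "next":
            current = None
        elif tok[0] == "set" and current is not None:
            current[tok[1]] = tok[2:]
    return rules

def unrestricted(rules):
    """Rule ids with no source-address, i.e. not pinned to a public IP object."""
    return [rid for rid, r in rules.items() if not r.get("source-address")]

def portal_for(rules, iface, addr_obj, group):
    """Simplified model: first rule matching interface, address object and group."""
    for r in rules.values():
        if (iface in r.get("source-interface", [])
                and addr_obj in r.get("source-address", [])
                and group in r.get("groups", [])):
            return r["portal"][0]
    return None  # no rule matches: login refused in this model
```

With the sample above, `portal_for` returns `full-access-1` only for User1Group1 from Public_IP_1 and User2Group2 from Public_IP_2, and `unrestricted` returns an empty list.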
Copyright 2024 Fortinet, Inc. All Rights Reserved.