Created on 05-08-2020 11:30 PM Edited on 12-16-2021 12:42 AM By Anonymous
Description
This article describes how to set geolocation address object to specific authentication rule in SSLVPN setting.
Solution
Assume the following scenario:
User connecting SSLVPN from geolocation ABC is assigned with full-access portal and if users connects SSLVPN from any other geolocation address then FortiGate assigns default-portal.
To achieve this, set the source address in the authentication rule.
Configure the below setting to respective authentication rule in SSLVPN setting and test the access.
# config vpn ssl setting
# config authentication-rule
edit <id>
set source-interface wan1 <----- SSLVPN listening interface.
set source-address <Geo address object>
set portal full-access
next
end
With this settings, when user try to connect the SSLVPN, FortiGate will check the user public source-address and if it matches the source-address in authentication rule then only respective portal will be assigned else default-portal will be assigned.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.