nithincs
Staff
Article Id 197360

Description
This article describes how to set a geolocation address object as the source address of a specific authentication rule in the SSLVPN settings.

Solution
Assume the following scenario:

A user connecting to SSLVPN from geolocation ABC is assigned the full-access portal; if a user connects to SSLVPN from any other geolocation, FortiGate assigns the default-portal.
To achieve this, set the source address in the authentication rule.

Configure the settings below in the respective authentication rule in the SSLVPN settings and test the access.

# config vpn ssl settings
    # config authentication-rule
        edit <id>
            set source-interface wan1                <----- SSLVPN listening interface.
            set source-address <Geo address object>
            set portal full-access
        next
    end
end

With these settings, when a user tries to connect to the SSLVPN, FortiGate checks the user's public source address. Only if it matches the source-address in the authentication rule is the respective portal assigned; otherwise the default-portal is assigned.
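The scenario above written out end to end, including the geography address object that the rule references. This is an added example, not part of the original article: the object name SSLVPN-Geo-ABC, the rule id 1, and the placeholders <country-code>, <vpn-user-group> and <default-portal-name> are assumptions to replace with local values.

```fortios
# Added example. All names in quotes and all <...> values are placeholders.

# 1. Geography-type address object for geolocation ABC.
config firewall address
    edit "SSLVPN-Geo-ABC"
        set type geography
        set country "<country-code>"
    next
end

# 2. SSLVPN settings: portal for everyone else, plus the geo-restricted rule.
config vpn ssl settings
    # Portal assigned when no authentication rule matches.
    set default-portal "<default-portal-name>"
    config authentication-rule
        edit 1
            # SSLVPN listening interface.
            set source-interface "wan1"
            # Rule matches only when the client's public IP is in this object.
            set source-address "SSLVPN-Geo-ABC"
            set groups "<vpn-user-group>"
            set portal "full-access"
        next
    end
end
```

The match is made on the public source address as the FortiGate sees it, so the portal a user receives follows the address the connection arrives from rather than the user's account alone.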
