FortiGate
gmanea
Staff
Article Id 198507
Description
This article explains that, within 'config vpn ssl settings', a source-interface parameter set in an authentication rule takes precedence over the source-interface parameter set at the top level of 'config vpn ssl settings'.

For example:
#config vpn ssl settings
    set servercert "Fortinet_Factory"
    set tunnel-ip-pools "SSLVPN_TUNNEL_ADDR1"
    set tunnel-ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
    set port 443
    set source-interface "port1" "port2"
    set source-address "all"
    set source-address6 "all"
    set default-portal "web-access"
        config authentication-rule
            edit 1
                set source-interface "port1"
                set source-address "all"
                set groups "test"
                set portal "full-access"
            next
        end
end

In this configuration, the port2 interface will not listen for connections, even for the default portal.

This parameter is available in the CLI only; it does not appear in the GUI.

If the source-interface setting is configured in an authentication rule, the source-address setting is mandatory in that rule. To listen on both interfaces for one portal, unset source-interface in the authentication rule.


Solution
To serve a different portal on each interface, add a second authentication rule with the source-interface parameter set to the other interface.

Example:
#config vpn ssl settings
    set servercert "Fortinet_Factory"
    set tunnel-ip-pools "SSLVPN_TUNNEL_ADDR1"
    set tunnel-ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
    set port 443
    set source-interface "port1" "port2"
    set source-address "all"
    set source-address6 "all"
    set default-portal "web-access"
        config authentication-rule
            edit 1
                set source-interface "port1"
                set source-address "all"
                set groups "test"
                set portal "full-access"
            next
            edit 2
                set source-interface "port2"
                set source-address "all"
                set groups "test2"
                set portal "web-access"
            next
        end
end
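The following is an added example, not part of the article or of FortiOS: a small Python helper that parses a 'config vpn ssl settings' dump like the ones above and models the precedence the article describes (once any authentication rule sets source-interface, only the interfaces named by rules listen, default portal included) and flags rules that set source-interface without the mandatory source-address. The sample configuration embedded in it is constructed to mirror the first example above; the interface and portal names are taken from the article.

```python
import re
# Constructed sample mirroring the article's first configuration (not a live device dump).
SAMPLE = """\
config vpn ssl settings
    set source-interface "port1" "port2"
    set source-address "all"
    set default-portal "web-access"
        config authentication-rule
            edit 1
                set source-interface "port1"
                set source-address "all"
                set portal "full-access"
            next
        end
end
"""

def parse_ssl_settings(text):
    """Split a dump into global settings and rules; each 'set' value becomes a token list."""
    glob, rules, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"edit (\d+)", line):
            cur = {"id": int(m.group(1))}
        elif line == "next" and cur is not None:
            rules.append(cur)
            cur = None
        elif m := re.fullmatch(r"set (\S+)\s+(.*)", line):
            tokens = [q or u for q, u in re.findall(r'"([^"]*)"|(\S+)', m.group(2))]
            (cur if cur is not None else glob)[m.group(1)] = tokens
    return glob, rules

def effective_listeners(glob, rules):
    """Interface -> portals offered there. A rule-level source-interface overrides the
    global list, so the default portal is only reachable where some rule listens."""
    scoped = [r["source-interface"] for r in rules if "source-interface" in r]
    ifaces = {i for lst in scoped for i in lst} if scoped else set(glob.get("source-interface", []))
    out = {}
    for iface in ifaces:
        portals = {glob["default-portal"][0]}
        for r in rules:
            if "source-interface" not in r or iface in r["source-interface"]:
                portals.add(r["portal"][0])
        out[iface] = portals
    return out

def rules_missing_source_address(rules):
    """Rule ids that set source-interface without the mandatory source-address."""
    return [r["id"] for r in rules if "source-interface" in r and "source-address" not in r]
```

Running effective_listeners on the sample reports only port1, which is the behaviour the article warns about; adding a rule scoped to port2 (the Solution above) brings port2 back.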

Related Articles

Technical Tip: SSL VPN with multiple links not able to login Error: Permission Denied
