Granting Unique Access Permissions for SSL VPN Tunnel User Groups - Fortinet FortiOS v3.0 MR7 User Manual


Configuring a FortiGate SSL VPN
Granting unique access permissions for SSL VPN tunnel user groups
FortiOS v3.0 MR7 SSL VPN User Guide
01-30007-0348-20080718
            set tolerance 1
        end
        config sslvpn-os-check-list "windows-xp"
            set action allow
        end
        set member "u1"
        set sslvpn-split-tunneling enable
        set sslvpn-http enable
    next
end
config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "external"
        set srcaddr "all"
        set dstaddr "172.18.8.0/24"
        set action ssl-vpn
        set schedule "always"
        set service "ANY"
        set groups "g1"
    next
end
When more than one user must be permitted tunnel mode access, the key is to
split the tunnel IP range into non-overlapping sub-ranges. Each user group
(with the user as a member) is assigned its own dedicated IP range, and can
therefore be given different access permissions.
Figure 13: SSL VPN configuration for unique access permissions
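
The split described above only works if every group's range stays inside the tunnel IP range and no two ranges overlap. The following Python check is an added example, not part of the Fortinet manual; the group name "g2" and all IP addresses are constructed sample values.

```python
import ipaddress

def check_group_ranges(tunnel_range, group_ranges):
    """Return a list of problems found in a per-group split of the tunnel range.

    tunnel_range: (start, end) of the overall SSL VPN tunnel IP range.
    group_ranges: {group_name: (start, end)}, one dedicated range per user group.
    """
    t_start, t_end = (int(ipaddress.IPv4Address(a)) for a in tunnel_range)
    problems = []
    parsed = []
    for name, (start, end) in group_ranges.items():
        s, e = int(ipaddress.IPv4Address(start)), int(ipaddress.IPv4Address(end))
        if s > e:
            problems.append(f"{name}: start address is after end address")
            continue
        if s < t_start or e > t_end:
            problems.append(f"{name}: range falls outside the tunnel IP range")
        parsed.append((s, e, name))
    # Sort by start address and track the highest end seen so far, so a range
    # nested inside an earlier, larger range is reported as well.
    parsed.sort()
    reach_end, reach_name = None, None
    for s, e, name in parsed:
        if reach_end is not None and s <= reach_end:
            problems.append(f"{name}: overlaps {reach_name}")
        if reach_end is None or e > reach_end:
            reach_end, reach_name = e, name
    return problems

# Constructed sample values (assumptions, not taken from the manual).
TUNNEL = ("10.254.254.1", "10.254.254.100")
GOOD = {"g1": ("10.254.254.1", "10.254.254.50"),
        "g2": ("10.254.254.51", "10.254.254.100")}
BAD = {"g1": ("10.254.254.1", "10.254.254.60"),
       "g2": ("10.254.254.51", "10.254.254.120")}

if __name__ == "__main__":
    for label, groups in (("good", GOOD), ("bad", BAD)):
        print(label, check_group_ranges(TUNNEL, groups) or "no problems")
```

An overlap means a client in one group can be handed an address that another group's firewall policy matches, so the permissions are no longer unique to each group.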
