Table of Contents
Advertisement
Granting unique access permissions for SSL VPN tunnel user groups
Sample configuration for unique access permissions with tunnel mode user
groups
56
In this sample configuration, there are two user groups, each one with a dedicated
IP address range.
Note: The source address for both SSL VPN firewall policies can be left as 'all' when the
users do not have static public IPs.
First, you establish the tunnel IP range.
Go to VPN > SSL, and enable SSL-VPN.
Enter the Tunnel IP Range corresponding to the range of IP addresses available
for the users/user groups, in this case 10.1.1.1 - 10.1.1.100.
Figure 14: Enable SSL-VPN Settings
After enabling SSL VPN, you must create the users and then the user groups that
require SSL VPN tunnel mode access.
Go to User > Local and create user1 and user2 with password authentication.
Note: user1 only has permission to access the Linux server, while user2 only has
permission to access the Windows PC.
After you create the users, you must create the SSL VPN user groups. In order to
configure each user with different access permissions, you must create separate
user groups and designate specific IP ranges for each group.
Configuring a FortiGate SSL VPN
FortiOS v3.0 MR7 SSL VPN User Guide
01-30007-0348-20080718
Advertisement
Table of Contents
