Hello,
I want to use LDAP + client certificate for my SSL VPN.
We use like 20 SSL VPN Portals.
Do I understand correctly that I can either use certificate authentication for everyone or for no one? I only want to use it for certain portals.
Thanks
This is possible. You have the option to apply it to the Group - Portal mapping.
See this document: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configuring-SSL-VPN-client-certificate/ta-...
Hello @Andizer ,
This admin guide might also help you.
https://docs.fortinet.com/document/fortigate/7.0.14/administration-guide/751987/ssl-vpn-with-ldap-in...
regards,
Sheikh
That was very helpful, thank you.
However, I have a small problem.
If I remove the user peer, pretty much any certificate that the FortiGate can cross-check is allowed.
Now I only want to allow certificates from a specific CA.
config vpn ssl settings
    config authentication-rule
        edit 13
            set groups "vpn_user_systems_admin-2fa"
            set portal "bbw-systems_admin-2fa"
            set client-cert enable
            set user-peer "CA_Cert_3"
        next
    end
end
While using the user peer, I can't connect anymore.
config user peer
    edit "CA_Cert_3"
        set ca "CA_Cert_3"
    next
end
I am sure I am missing something.
Additional question: can I set a wildcard like "set cn .company.de"?
*Certificate selection looks fine inside my FortiClient.
Thanks