Hot!Block VPN SSL from one public IP

Author
ShonGail
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/09/29 05:54:44
  • Status: offline
2018/02/12 07:05:29 (permalink) 5.6
0

Block VPN SSL from one public IP

Hello,
I would block SSL VPN access from one public IP.
How can I do that ?
 
Best regards.
#1

2 Replies Related Threads

    tanr
    Gold Member
    • Total Posts : 432
    • Scores: 16
    • Reward points: 0
    • Joined: 2016/05/09 17:09:43
    • Status: offline
    Re: Block VPN SSL from one public IP 2018/02/12 08:46:19 (permalink)
    0
    You should be able to use local-in-policy to block a specific IP from being able to access VPN.
     
    Note that you want to be very careful with local-in-policy as you can inadvertently lock yourself out rather easily.
     
    http://kb.fortinet.com/kb/documentLink.do?externalID=FD33649
     
    #2
    neonbit
    Platinum Member
    • Total Posts : 443
    • Scores: 41
    • Reward points: 0
    • Joined: 2013/07/02 21:39:52
    • Location: Dark side of the moon
    • Status: offline
    Re: Block VPN SSL from one public IP 2018/03/05 03:04:42 (permalink)
    0
    There's an option in the SSLVPN that allows you to set the source-address as a negate (ie: allow connects from every IP except the ones you specify).
     
    This is configurable in the CLI
     
    config vpn ssl settings
    set source-address-negate enable
    set source-address "the address object you've configured to block"
    end
    #3
    Jump to:
    © 2018 APG vNext Commercial Version 5.5