Hi guys,
I created a specific SSL-VPN portal for a specific group of people and I configured it to use web mode only. Everything is working fine, but the issue is that I'd like to apply some web filters for these guys to restrict their access to just some websites.
I tried to apply the web-filter security profile to the rule which allows the traffic toward the internet, but it doesn't work.
I have the Split tunnelling disabled.
Firewall mode: Flow-Based.
Any idea?
Thanks guys!!
I noted, sniffing the traffic, that when I connect in VPN web mode the source IP is the client's IP, not one assigned by the FortiGate as when you connect using FortiClient, and the source interface is WAN1 and not ssl.root.
I found out that the traffic generated from the web-mode SSL VPN is not coming from ssl.root.
I tried to figure out which is the source interface for the web-mode connections, but I didn't find anything in your documentation.
Any clue, guys?
Thanks.
Verify that you have configured the SSL VPN correctly:
http://cookbook.fortinet.com/ssl-vpn-using-web-tunnel-mode-60/
Apply the policy that allows users of the VPN portal to browse the web via the FortiGate, and apply the web filter profile to it:

    config firewall policy
        edit <policy-id>
            set name "SSL VPN Access"
            set srcintf "ssl.root"
            set dstintf "WAN1"
            set srcaddr "SSLVPN_TUNNEL_ADDR1"
            set dstaddr "all"
            set action accept
            set schedule "always"
            set service "ALL"
            set utm-status enable
            set logtraffic all
            set groups "SSLVPN-Group"
            set users "SSLVP-User"
            set webfilter-profile "Block_All"
            set ssl-ssh-profile "certificate-inspection"
            set nat enable
        next
    end
You can also manage bookmarks by user group and disable user bookmarks:
    config vpn ssl web portal
        edit <portal-name>
            set user-group-bookmark [enable | disable]
        next
    end

    config vpn ssl web user-group-bookmark
        edit <group-name>
            config bookmark
                edit <bookmark1>
                    ....
                next
            end
        next
    end

BR
Bubu