Allow access to SSL VPN for specified user from specified ip address

AlexHelloworld
2019/09/01 17:54:16


Fortigate 100E
How can I allow access to SSL VPN for one specified user from one specified IP address only? What is the best practice to do that?
Thanks!
#1


    orani
    Re: Allow access to SSL VPN for specified user from specified ip address 2019/09/01 20:10:25
    Do you mean allowing a user from a specific IP inside your network to connect to an external VPN server?
    #2
    orani
    Re: Allow access to SSL VPN for specified user from specified ip address 2019/09/01 20:33:11
    In any case this is not relevant to web filtering.
     
    In case you want to allow a user from the internal network to access a VPN gateway:
     
    Define a static IP for the specific user's PC.
    Create a rule from your internal network to the internet with the user's IP as source and the VPN gateway IP as destination, use the VPN port in the service tab, and allow this traffic with NAT.
    Place this rule above your global rule for accessing the internet.
     
     
    In case you want a remote user to access your infrastructure:
     
    Create a local firewall user which will be used in your VPN settings.
    Create a rule with:
    From: sslvpn virtual interface
    To: any internal or external interface
    Source: your IP range from the VPN settings AND your locally created user
    Destination: all, or any specific IP you want the user to have access to
    Enable NAT.
     
    #3
    Toshi Esumi
    Re: Allow access to SSL VPN for specified user from specified ip address 2019/09/01 22:33:23
    If you meant to limit the client IP where SSL VPN is coming from, you can use "set source-address <address_or_addrgrp_object>" under "config vpn ssl settings".
     
    #4
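The `set source-address` setting from reply #4, written out as a FortiOS CLI fragment. This is an added example, not part of any post in the thread. The object name, user, group, portal and IP address are constructed placeholders. Option B goes beyond the reply and assumes the per-rule `source-address` under `config authentication-rule`, which the thread does not mention; check it against the CLI reference for your FortiOS version.

```fortios
# Address object for the single permitted client IP (placeholder, RFC 5737 range).
config firewall address
    edit "vpn-src-allowed"
        set subnet 203.0.113.10 255.255.255.255
    next
end

# Option A (reply #4): global restriction.
# Every SSL VPN login, for every user, must come from this address.
config vpn ssl settings
    set source-address "vpn-src-allowed"
end

# Option B (assumption, not from the thread): restrict one user only.
# The global source stays open; the source check is attached to the
# authentication rule that matches the user.
config vpn ssl settings
    set source-address "all"
    config authentication-rule
        edit 1
            set users "restricted-user"
            set portal "full-access"
            set source-address "vpn-src-allowed"
        next
        edit 2
            # Other users keep access from any address.
            # "restricted-user" must NOT be a member of this group,
            # otherwise this rule matches them from any source IP.
            set groups "vpn-users"
            set portal "full-access"
        next
    end
end
```

After applying either option, test a login from a non-listed address and confirm it is refused before relying on the restriction.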
    orani
    Re: Allow access to SSL VPN for specified user from specified ip address 2019/09/01 22:38:57
    Toshi is right.... forgot to write it...
    #5
    AlexHelloworld
    Re: Allow access to SSL VPN for specified user from specified ip address 2019/09/02 20:42:26
    I want the remote user to be able to connect to the SSL VPN from a specified IP address only; if the connection is not from this IP, drop it. What kind of firewall rule is suitable for that?
    #6
    AlexHelloworld
    Re: Allow access to SSL VPN for specified user from specified ip address 2019/09/02 20:43:56
    It will restrict access for all users on this VPN portal, right? I want to restrict access for one user only.
    #7