Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
peterjhd1218
New Contributor

VPN with LDAP authentification

Hi, i gotta a question when an user is member of two LDAP groups and both groups has different portal in teh SSL VPN, each one with different range of addres.

My question is, when the user log in, to which group belong?

 

REgards

1 Solution
Elthon_Abreu

Can you send a print from your "ssl.root > internal" rules?

Elthon Abreu FCNSA v5

View solution in original post

Elthon Abreu FCNSA v5
3 REPLIES 3
Elthon_Abreu
Contributor

The Fortigate will follow the "top-down" rule... So, if the policy that allows "Group A" is above the policy from "Group B", your user will login by the Group A settings.

 

BR,

Elthon Abreu FCNSA v5

Elthon Abreu FCNSA v5
peterjhd1218

hi Elthon Abreu, thanks for your reply but still it´s not clear to my, let me get this right, i have two diferent SSL portal each one with different address range, according to you answer teh user will be log in with the first policy match that have one of the group that the user belong. 

Elthon_Abreu

Can you send a print from your "ssl.root > internal" rules?

Elthon Abreu FCNSA v5

Elthon Abreu FCNSA v5
Labels
Top Kudoed Authors