FortiClient EMS - Allow internet only when connected to VPN

Author
chethan
2021/06/26 04:08:19 (permalink)

Hello Everyone,
 
How do you configure FortiClient EMS to enforce that endpoints can access the internet only when they are connected to the SSL-VPN?
 
The users should not be able to use the internet if they are disconnected from the VPN (as a company policy).
 
"My query is not about Split-tunneling"
 
Thank you.
#1
fcb
Re: FortiClient EMS - Allow internet only when connected to VPN 2021/07/21 07:00:43 (permalink)
Step 1: Make EMS reachable from the public Internet using the same name as it has on the internal network (i.e., ems.domain.com).
Step 2: Set up an on-net and an off-net profile on EMS. The on-net profile allows traffic to come back through the tunnel, and the web filter and app firewall are not as strict. The off-net profile (the one they get when at home) has everything blocked in web filter and app firewall.

EMS will determine off-net and on-net by the machine's current IP address, so you will have a little to do there, but not bad.
#2