
Fortinet FORTIOS V3.0 MR7 User Manual

Page 55


Configuring a FortiGate SSL VPN

Granting unique access permissions for SSL VPN tunnel user groups

FortiOS v3.0 MR7 SSL VPN User Guide
01-30007-0348-20080718


            set tolerance 1
        end
        config sslvpn-os-check-list "windows-xp"
            set action allow
        end
        set member "u1"
        set sslvpn-split-tunneling enable
        set sslvpn-http enable
    next
end
config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "external"
        set srcaddr "all"
        set dstaddr "172.18.8.0/24"
        set action ssl-vpn
        set schedule "always"
        set service "ANY"
        set groups "g1"
    next
end

Granting unique access permissions for SSL VPN tunnel user groups

When more than one user must be permitted tunnel mode access, the key is to
split the tunnel IP range into sub-IP ranges that do not overlap. Each user
group (with the user as a member) is assigned its own dedicated IP range, and
because the ranges are distinct, each group can be given different access
permissions.

Figure 13: SSL VPN configuration for unique access permissions
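
The no-overlap requirement described above can be checked before the ranges are entered on the FortiGate unit. The following Python check is an added example, not part of the FortiOS guide; the tunnel range, group names and addresses are constructed sample values.

```python
from ipaddress import IPv4Address
from itertools import combinations

# Constructed sample plan (assumed values, not taken from the guide).
TUNNEL_RANGE = ("10.254.254.1", "10.254.254.90")
GROUP_RANGES = {
    "g1": ("10.254.254.1", "10.254.254.30"),
    "g2": ("10.254.254.31", "10.254.254.60"),
    "g3": ("10.254.254.55", "10.254.254.95"),  # deliberately wrong
}


def parse_range(rng):
    """Convert ("start", "end") dotted-quad strings to an inclusive integer pair."""
    start, end = (int(IPv4Address(addr)) for addr in rng)
    if start > end:
        raise ValueError(f"start address is after end address: {rng}")
    return start, end


def audit_group_ranges(tunnel, groups):
    """Return findings as tuples. An empty list means every group range lies
    inside the tunnel range and no two group ranges share an address."""
    t_start, t_end = parse_range(tunnel)
    parsed = sorted((name, parse_range(rng)) for name, rng in groups.items())
    findings = []
    for name, (start, end) in parsed:
        # A group range that leaves the tunnel range hands out addresses
        # the tunnel configuration does not cover.
        if start < t_start or end > t_end:
            findings.append(("outside-tunnel-range", name))
    for (a, (a_start, a_end)), (b, (b_start, b_end)) in combinations(parsed, 2):
        # Inclusive ranges overlap when each starts no later than the other ends.
        # A shared address means one group's user can match the other group's
        # permissions, which defeats the per-group separation.
        if a_start <= b_end and b_start <= a_end:
            findings.append(("overlap", a, b))
    return findings


if __name__ == "__main__":
    for finding in audit_group_ranges(TUNNEL_RANGE, GROUP_RANGES):
        print(finding)
```
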