Fortinet FORTIOS V3.0 MR7 User Manual
Page 56
FortiOS v3.0 MR7 SSL VPN User Guide
01-30007-0348-20080718
Granting unique access permissions for SSL VPN tunnel user groups
Configuring a FortiGate SSL VPN
Sample configuration for unique access permissions with tunnel mode user groups
In this sample configuration, there are two user groups, each one with a dedicated
IP address range.
First, you establish the tunnel IP range.
Go to VPN > SSL, and enable SSL-VPN.
Enter the Tunnel IP Range corresponding to the range of IP addresses available
for the users/user groups, in this case 10.1.1.1 - 10.1.1.100.
Figure 14: Enable SSL-VPN Settings
After enabling SSL VPN, you must create the users and then the user groups that
require SSL VPN tunnel mode access.
Go to User > Local and create user1 and user2 with password authentication.
After you create the users, you must create the SSL VPN user groups. In order to
configure each user with different access permissions, you must create separate
user groups and designate specific IP ranges for each group.
Note: The source address for both SSL VPN firewall policies can be left as ‘all’ when the
users do not have static public IPs.
Note: user1 only has permission to access the Linux server, while user2 only has
permission to access the Windows PC.
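A sanity check for the address plan described above, as an added example that is not part of the Fortinet manual: it verifies that each group's dedicated range lies inside the tunnel IP range and that no two group ranges overlap, so an assigned tunnel address maps to exactly one group. The group names and the per-group ranges are constructed for illustration; the manual page gives only the tunnel range 10.1.1.1 - 10.1.1.100.

```python
from ipaddress import IPv4Address

# Tunnel IP range from the sample configuration on this page.
TUNNEL_RANGE = (IPv4Address("10.1.1.1"), IPv4Address("10.1.1.100"))

# Constructed per-group ranges (assumption: the page does not list them).
GROUP_RANGES = {
    "group1": (IPv4Address("10.1.1.1"), IPv4Address("10.1.1.50")),    # user1
    "group2": (IPv4Address("10.1.1.51"), IPv4Address("10.1.1.100")),  # user2
}


def check_group_ranges(tunnel, groups):
    """Return a list of problems; an empty list means the plan is sound."""
    problems = []
    t_start, t_end = tunnel
    valid = []
    for name, (start, end) in groups.items():
        if start > end:
            problems.append(f"{name}: start {start} is after end {end}")
            continue
        valid.append((name, start, end))
        if start < t_start or end > t_end:
            problems.append(
                f"{name}: {start}-{end} is outside tunnel range {t_start}-{t_end}"
            )
    # Sweep the ranges in start order, remembering the furthest end seen so
    # far, so that a range nested inside an earlier one is also reported.
    prev_name, prev_end = None, None
    for name, start, end in sorted(valid, key=lambda r: r[1]):
        if prev_end is not None and start <= prev_end:
            problems.append(f"{name} overlaps {prev_name} at {start}")
        if prev_end is None or end > prev_end:
            prev_name, prev_end = name, end
    return problems


def groups_for_address(addr, groups):
    """Return the groups whose range contains addr (at most one if sound)."""
    ip = IPv4Address(addr)
    return sorted(n for n, (s, e) in groups.items() if s <= ip <= e)


if __name__ == "__main__":
    for line in check_group_ranges(TUNNEL_RANGE, GROUP_RANGES) or ["plan OK"]:
        print(line)
```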