Fortinet FORTIOS V3.0 MR7 User Manual

Configuring a FortiGate SSL VPN

Granting unique access permissions for SSL VPN tunnel user groups

FortiOS v3.0 MR7 SSL VPN User Guide
01-30007-0348-20080718

Go to User > User Group. Create group1 as an SSL VPN user group with user1
as the member and 10.1.1.1 - 10.1.1.50 as the values in ‘Restrict tunnel IP range
for this group’.

Figure 15: group1 user group attributes

Create group2 as an SSL VPN user group with user2 as the member and
10.1.1.51 - 10.1.1.100 as the values in ‘Restrict tunnel IP range for this group’.

Figure 16: group2 user group attributes
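The separation between group1 and group2 depends on the two 'Restrict tunnel IP range for this group' values sharing no address. The following Python check is an added example, not part of the Fortinet manual: the function names and the dictionary layout are assumptions, and the ranges are the ones entered in the steps above.

```python
import ipaddress

# Ranges from the steps above; replace with the values from your own user groups.
GROUP_RANGES = {
    "group1": ("10.1.1.1", "10.1.1.50"),
    "group2": ("10.1.1.51", "10.1.1.100"),
}

def parse_ranges(ranges):
    """Convert {'group': (start, end)} to integer bounds, rejecting reversed ranges."""
    parsed = {}
    for group, (start, end) in ranges.items():
        lo = int(ipaddress.IPv4Address(start))
        hi = int(ipaddress.IPv4Address(end))
        if lo > hi:
            raise ValueError(f"{group}: start {start} is above end {end}")
        parsed[group] = (lo, hi)
    return parsed

def find_overlaps(ranges):
    """Return (group_a, group_b, first_shared_ip, last_shared_ip) per overlapping pair."""
    items = sorted(parse_ranges(ranges).items(), key=lambda kv: kv[1])
    overlaps = []
    for i, (name_a, (lo_a, hi_a)) in enumerate(items):
        for name_b, (lo_b, hi_b) in items[i + 1:]:
            if lo_b > hi_a:
                break  # sorted by start address: no later range can reach name_a
            overlaps.append((name_a, name_b,
                             str(ipaddress.IPv4Address(lo_b)),
                             str(ipaddress.IPv4Address(min(hi_a, hi_b)))))
    return overlaps

def groups_for_ip(ranges, ip):
    """Return every group whose range contains ip; more than one means ambiguity."""
    value = int(ipaddress.IPv4Address(ip))
    return sorted(g for g, (lo, hi) in parse_ranges(ranges).items()
                  if lo <= value <= hi)

if __name__ == "__main__":
    print("overlaps:", find_overlaps(GROUP_RANGES))
    print("10.1.1.51 belongs to:", groups_for_ip(GROUP_RANGES, "10.1.1.51"))
```

An empty overlap list means every tunnel address maps to at most one group, so a tunnel IP seen in a log can be attributed to a single group with `groups_for_ip`.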

After you create the user groups, you need to define the firewall policies to
support tunnel-mode operations.

The firewall policy specifies the originating (source) IP address of a packet and
the destination address, which is the IP address of the intended recipient or
network. In this configuration, the source address corresponds to the public IP
address that can connect to the FortiGate unit, and the destination address
corresponds to the IP address of the Linux server/Windows PC behind the
FortiGate unit.

Before you create the firewall policy, you must define the source and destination
addresses to include in the policy.

Go to Firewall > Address to create the source and destination addresses to
specify in the firewall policies.