Fortinet FORTIOS V3.0 MR7 User Manual
Page 57
Configuring a FortiGate SSL VPN
Granting unique access permissions for SSL VPN tunnel user groups
FortiOS v3.0 MR7 SSL VPN User Guide
01-30007-0348-20080718
57
Go to User > User Group. Create group1 as an SSL VPN user group with user1
as the member and 10.1.1.1 - 10.1.1.50 as the values in ‘Restrict tunnel IP range
for this group’.
Figure 15: group1 user group attributes
Create group2 as an SSL VPN user group with user2 as the member and
10.1.1.51 - 10.1.1.100 as the values in ‘Restrict tunnel IP range for this group’.
Figure 16: group2 user group attributes
After you create the user groups, you need to define the firewall policies to
support tunnel-mode operations.
The firewall policy specifies the originating (source) IP address of a packet and
the destination address that defines the IP address of the intended recipient or
network. In this configuration, the source address corresponds to the public IP
address that can connect to the FortiGate unit, and the destination address
corresponds to the IP address of the Linux server/Windows PC behind the
FortiGate unit.
Before you create the firewall policy, you must define the source and destination
addresses to include in the policy.
Go to Firewall > Address to create the source and destination addresses to
specify in the firewall policies.