Monday, May 22, 2017

FortiGate SSLVPN and multiple realms

In this blog we will show how to use a FortiGate with numerous realms. The realm name becomes the target URL path.

e.g.

https://sslvpn.example.com/vpnclientfr
https://sslvpn.example.com/vpnclientsp

In this design, we have crafted 2 realms for our Spanish and French speakers. This allows you to craft unique pages and even have unique authentication requirements such as users/groups/LDAP auth servers.

1st, here's a topo-map





2nd, you need to craft the respective realms and web-portals. In my case the web-portals are web-mode only, but these could be tunnel-mode or a combination.




In our vpn ssl settings we will define the auth-roles:



And now if you log in at your site with the correct, you will be authenticated by that auth-role and presented with just that web-portal.



And for our French speakers:


  

TIP: make sure you have the SSLVPN fwpolicies with the correct group(s).
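
The steps above as a FortiOS CLI sketch. This is an added example, not the configuration from the original post: the realm names come from the URLs above, while the group names (`grp-fr`, `grp-sp`), portal names (`portal-fr`, `portal-sp`), policy ID, `internal` interface and `all` address are assumptions. The `#` lines are annotations, not commands.

```fortios
# Realms: the entry name is the URL path users browse to
config vpn ssl web realm
    edit "vpnclientfr"
    next
    edit "vpnclientsp"
    next
end

# One web-mode-only portal per language (portal names are assumed)
config vpn ssl web portal
    edit "portal-fr"
        set web-mode enable
        set tunnel-mode disable
    next
    edit "portal-sp"
        set web-mode enable
        set tunnel-mode disable
    next
end

# Bind group + realm + portal; a user only matches the rule for the realm used
config vpn ssl settings
    config authentication-rule
        edit 1
            set groups "grp-fr"
            set portal "portal-fr"
            set realm "vpnclientfr"
        next
        edit 2
            set groups "grp-sp"
            set portal "portal-sp"
            set realm "vpnclientsp"
        next
    end
end

# The TIP: the SSLVPN firewall policy must list the same groups
# (policy ID, dstintf and addresses are assumed; narrow dstaddr/service in practice)
config firewall policy
    edit 100
        set srcintf "ssl.root"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set groups "grp-fr" "grp-sp"
    next
end
```

Keeping each group tied to exactly one realm in the authentication rules means a French-group account cannot log in through the Spanish realm URL, which is what makes per-realm authentication requirements enforceable.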
 
Yeap, it's that easy!




Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o 

        /  \

