One more thing to do – and that’s to setup our firewall policy! Notice that the user matches what we put in the portal. Enabling VPN always up FortiClient 7.2.0 Home FortiClient 7.2.0 XML Reference Guide 7.2. Next lets match up our user to the portal. Notice that the source IP Pool is the specific IP we set – this is where all the real magic is.
In this portal we will match the it to the individual IP object we created, and set the remote access server it needs. Then lets create the portal specific for this device – which only needs access to one server. Next lets create our user object – We need to do a specific user object, because we only want one device to be logged in and match this policy. Ok, first lets create our address object. Create firewall policy allowing that client in.Create group/portal matching in SSL Settings.Create a specific portal if needed just for this user.Create a user object either local, or LDAP/Radius.Setup Address object that you need the device to get – For this example 10.200.253.241.Have LDAP or Radius integration already setup if you are specifically using that.Setup SSL VPN (Should be already done if you are trying this).SO, in this example I have a Scan gun that needs to have a specific IP every time it connects. I am using a local account on the firewall in this example, but it would work with an AD users without issues – you would just have to map the user directly and not use groups. I have read there are very neat ways to do it through FortiAuth, or Radius options – but Here I am just doing all Fortigate configuration. This is not overly simple as it seems it should be.
I needed to have a specific SSL VPN client to always have the same IP address.
0 kommentar(er)
