First, via the CLI:
- create a user for the connections:
config user local
    edit "test"
        set type password
        set passwd qwe123
    next
end
- create a user group:
config user group
    edit "SSL_USERS"
        set sslvpn-portal "full-access"
        set member "test"
    next
end
- create an address range for the users:
config firewall address
    edit "SSLVPN_ADDR1"
        set subnet 10.212.134.0 255.255.255.0
    next
end
- add the pool to the SSL settings:
config vpn ssl settings
    set idle-timeout 500
    set tunnel-ip-pools "SSLVPN_ADDR1"
end
- finally the policy rules: from the internet to the portal, and from the portal to where you need and back. In my case:
config firewall policy
    edit 1
        set srcintf "EXT"
        set dstintf "ssl.FGT"
        set srcaddr "all"
        set dstaddr "LAN1" "LAN2"
        set action ssl-vpn
        set identity-based enable
        config identity-based-policy
            edit 1
                set schedule "always"
                set groups "SSL_USERS"
                set service "ANY"
            next
        end
    next
    edit 2
        set srcintf "ssl.FGT"
        set dstintf "INT"
        set srcaddr "SSLVPN_ADDR1"
        set dstaddr "LAN1" "LAN2"
        set action accept
        set schedule "always"
        set service "ANY"
    next
    edit 3
        set srcintf "INT"
        set dstintf "ssl.FGT"
        set srcaddr "LAN1" "LAN2"
        set dstaddr "SSLVPN_ADDR1"
        set action accept
        set schedule "always"
        set service "ANY"
    next
end
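An added check, not part of the original post: a small Python parser for the config/edit/set/next/end structure used above, with an audit that flags policies referencing undefined address objects, a tunnel-side policy whose srcaddr is not the object used as the tunnel pool, and service ANY. The embedded config is a constructed sample in the post's style (the LAN1 subnet is made up), not a device export.

```python
import shlex
# Constructed sample in the post's style; LAN2 is undefined and srcaddr is not the pool object, on purpose.
SAMPLE = """\
config firewall address
    edit "SSLVPN_ADDR1"
        set subnet 10.212.134.0 255.255.255.0
    next
    edit "LAN1"
        set subnet 192.168.1.0 255.255.255.0
    next
end
config vpn ssl settings
    set tunnel-ip-pools "SSLVPN_ADDR1"
end
config firewall policy
    edit 2
        set srcintf "ssl.FGT"
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set dstaddr "LAN1" "LAN2"
        set service "ANY"
    next
end
"""

def parse_fortios(text):
    """config/edit open a scope, set stores key -> values, next/end close the scope."""
    stack = [{}]
    for tokens in filter(None, map(shlex.split, text.splitlines())):  # skips blank lines, strips quotes
        cmd, args = tokens[0], tokens[1:]
        if cmd in ("config", "edit"):
            stack.append(stack[-1].setdefault(" ".join(args), {}))
        elif cmd == "set":
            stack[-1][args[0]] = args[1:]
        elif cmd in ("next", "end"):
            stack.pop()
    return stack[0]

def audit(cfg):
    """Findings per policy: dangling address refs, tunnel policy not bound to the pool, service ANY."""
    findings = []
    known = set(cfg.get("firewall address", {})) | {"all"}
    pool = set(cfg.get("vpn ssl settings", {}).get("tunnel-ip-pools", []))
    for pid, pol in cfg.get("firewall policy", {}).items():
        src, dst = pol.get("srcaddr", []), pol.get("dstaddr", [])
        findings += [f"policy {pid}: address '{a}' is not defined" for a in src + dst if a not in known]
        if pol.get("srcintf", [""])[0].startswith("ssl.") and set(src) != pool:
            findings.append(f"policy {pid}: srcaddr {src} is not the tunnel pool {sorted(pool)}")
        if "ANY" in pol.get("service", []):
            findings.append(f"policy {pid}: service ANY, scope it to the ports the users need")
    return findings
```

Run `audit(parse_fortios(SAMPLE))` and each string it returns is one thing to fix before committing the policy set.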
Now the same thing, via the GUI:
User:
User group:
Firewall address:
SSL-VPN settings:
Firewall policy rules:
Hope this post was helpful.
you forget this:
from: WAN | to | LAN
all lan1, lan2
let me know if I'm wrong :)

To be honest I posted this configuration while configuring it on a production device.
The end result was correct - I had full access from a user connected via SSL-VPN to the networks defined on LAN1 and LAN2.
The rule you're talking about is part of the way we used to configure this on v3.