FortiGate v7.2.0 SSLVPN Configuration (Local & LDAP Auth)

what if the fortigate is actually inside the private network.
end user - - - internet - - - <public IP> CPE <private IP>- - - core router - - - Aggregate router - - - Fortigate - - - LAN

Just a tip that might save some headaches for other peeps... I'd set everything up correctly but my DMZ servers I set as destinations in my VPN policy weren't reachable so I watched your video to confirm I'd done everything correctly and I still had the issue. My deployment is on AWS and I have a management VRF0 and everything else in VRF1 so I can run two default routes to the Internet. VRF1 for data and VRF0 for access via Internet to MGMT interface. In the end I checked my SSL tunnel interface (only way I could find to do it was via the VPN policy I setup) and I found the interface belonged to VRF0. I changed it to VRF1 and everything working perfectly now.

Really appreciate the content. Just a question.. when we use both the User Group and the RA-VPN_Pool, does it mean it is required to match both or only 1 match is required for source.

thanks a lot, when we create a group should we configure anything on SSL-VPN Portals , like you did when creating ssl-vpn LDAP , 28 min ?

Thanks.. every simple and easy to understand.

thank you, why SSL over IPSEC?

awesome lesson...greatly appreicated

Really appreciate this. Thank you!

Awesome video bro! Regarding the LDAP Auth method, let's say I have different groups in AD, and each AD-User-Group, when connected via SSL-VPN, needs access to their respective VLAN only. It means I need to create a Fortigate User Group and policy for each? Thanks.

I appreciate the simplicity of your presentation! Please keep up the great work!

i like the stencils you use , where i can get them for Drawio?

My SSLVPN stopped connecting, on fortivpn client just go to 10%

Do you have video for SSL vpn with Radius server + Microsoft MFA

*Hi, very nice video congratulations!!! please could you helpme or give me any idea?
I must autenticate a user with 2FA in Fortigate with email, that have already worked but, now I must autenticate that same way but with all users from an Active Directory and I can't add a group of vpn, so all users from AD must autenticate with 2FA throught email . Any idea for do this ? Thanks a lot.*

ssl vpn with azure Ad integration video link

Can you please help me. So I am doing a training at some company and they only gave me a fortigate firewall and one switch and a server and only a 4G modem that does not have port forwarding and I wanted to access my firewall from home. Is there a way to do it?

Is it possible to restrict the source IP address of the remote user that establish the VPN connection? Ideally I want to restrict a specific user coming from a specific address. Thanks!

Keep it coming bro 💯 💪

can fortigate verify the forticlient security posture before allowing sslvpn? to verify that the client is a windows client, with latest security patch.

It's not clear why you switched to Forti. Without a license, there is no point in using it. And even for educational purposes. Without a license, it is heavily curtailed.

عاشت إيدك.... شرح لطيف.... بس اريد مايكروتك vpn.... هل تعلم تحديث أندرويد 12 لا يقبل انشاء vpn pptp or l2tp..... خرب شغلنا 🤕🥀

Thanks. I have issue ssl vpn in eve can not connect

Thanks for the awesome videos on fortigate,...I think fortigate is possibly the best firewall for the money..🙏🏼

Great Video
please do video for AD auth access via Fortigate and Security profiles

Hi Network Beg, I did not get the software that was used for the network design. Kindly clarify for me.
Thanks