Prioritize IPsec VPN and ZTNA for remote access over SSL VPN 7.2.3
To prioritize IPsec VPN, EMS disables the SSL VPN feature by default. You can use the SSL VPN checkbox in Feature Select to globally show or hide the SSL VPN feature on EMS. As SSL VPN is an active attack target, using IPsec VPN for VPN use cases is now encouraged over using SSL VPN.
When SSL VPN is disabled in Feature Select, EMS hides all SSL VPN-related features on Remote Access profiles. Only IPsec VPN-related configuration and tunnels are visible.
SSL VPN tunnel XML configuration still displays in the XML tab when SSL VPN is disabled.
FortiClient also does not show SSL VPN tunnels and disallows users from creating personal SSL VPN tunnels. When configuring an IPsec VPN tunnel, the Failover SSL VPN option is visible, but there are no SSL VPN tunnels to select from.
FortiClient also hides SSL VPN tunnels in the VPN before logon screen.
When SSL VPN is enabled in Feature Select, you can disable SSL VPN on Remote Access profiles. This hides all SSL VPN-related features from that profile. FortiClient endpoints that receive that profile also hide all SSL VPN tunnels and configuration options for creating personal SSL VPN tunnels.
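Because SSL VPN tunnel XML still displays in the XML tab after the feature is hidden, a copy of the profile XML can be checked for leftover SSL VPN tunnel definitions and for IPsec tunnels that still name an SSL VPN failover. The following Python sketch is an added example, not Fortinet code. The element names and the sample profile are assumptions constructed for illustration, so adjust the paths to match your own profile XML.

```python
import xml.etree.ElementTree as ET

# Constructed sample profile XML. The element layout (vpn/sslvpn and
# vpn/ipsecvpn connections, failover_sslvpn_connection) is an assumption.
SAMPLE_PROFILE = """\
<forticlient_configuration>
  <vpn>
    <sslvpn>
      <connections>
        <connection>
          <name>legacy-ssl</name>
          <server>vpn.example.com:10443</server>
        </connection>
      </connections>
    </sslvpn>
    <ipsecvpn>
      <connections>
        <connection>
          <name>corp-ipsec</name>
          <ike_settings>
            <server>vpn.example.com</server>
            <failover_sslvpn_connection>legacy-ssl</failover_sslvpn_connection>
          </ike_settings>
        </connection>
        <connection><name>branch-ipsec</name></connection>
      </connections>
    </ipsecvpn>
  </vpn>
</forticlient_configuration>
"""

def audit_profile(xml_text):
    """Return (residual SSL VPN tunnel names, {IPsec tunnel: failover target})."""
    root = ET.fromstring(xml_text)
    ssl = [c.findtext("name", "").strip()
           for c in root.findall("./vpn/sslvpn/connections/connection")]
    failover = {}
    for c in root.findall("./vpn/ipsecvpn/connections/connection"):
        target = (c.findtext(".//failover_sslvpn_connection") or "").strip()
        if target:  # IPsec tunnel still references an SSL VPN tunnel
            failover[c.findtext("name", "").strip()] = target
    return ssl, failover

if __name__ == "__main__":
    ssl, failover = audit_profile(SAMPLE_PROFILE)
    for name in ssl:
        print(f"residual SSL VPN tunnel in XML: {name}")
    for ipsec, target in failover.items():
        print(f"IPsec tunnel {ipsec} still names SSL VPN failover: {target}")
```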