

Granular firewall rules

Firewall policies are configured to grant each group of users granular remote access, so that a group can reach only the destinations assigned to it. They are configured as follows:

# Remote-access policies for SSL VPN users: one policy per LDAP group, all
# matching traffic that enters on the SSL VPN tunnel interface (ssl.root)
# and leaves on port2. Access is narrowed per group only by the destination
# address objects (dstaddr) and by group membership (groups): srcaddr is "all"
# and service is "ALL" on every policy, so any address behind the tunnel may
# reach the listed destinations on any port/protocol. Every policy uses proxy
# inspection mode and logs all sessions (logtraffic all).
config firewall policy
    # Administrators: widest destination set (EMS, FAZ, Webserver, FAC).
    edit 9
        set name "SSL_VPN-Administrators"
        set srcintf "ssl.root"
        set dstintf "port2"
        set action accept
        set srcaddr "all"
        set dstaddr "EMS" "FAZ" "Webserver" "FAC"
        set schedule "always"
        set service "ALL"
        # NOTE(review): no security profile is referenced in this listing;
        # presumably proxy mode is meant to apply profiles configured
        # elsewhere - confirm, otherwise inspection-mode alone adds nothing.
        set inspection-mode proxy
        set logtraffic all
        set groups "LDAP-Administrators"
        # NOTE(review): the closing quote on the next line is a typographic
        # double quote (U+201C), not an ASCII " - as written the string is
        # unterminated. Use a plain "" (or drop the line) when applying this.
        set comments " “
    next
    # Finance: Webserver plus the Finance destination object.
    edit 10
        set name "SSL_VPN-Finance"
        set srcintf "ssl.root"
        set dstintf "port2"
        set action accept
        set srcaddr "all"
        set dstaddr "Webserver" "Finance"
        set schedule "always"
        set service "ALL"
        set inspection-mode proxy
        set logtraffic all
        set groups "LDAP-Finance"
        # Same typographic-quote issue as policy 9.
        set comments " “
    next
    # Sales: Webserver only.
    edit 11
        set name "SSL_VPN-Sales"
        set srcintf "ssl.root"
        set dstintf "port2"
        set action accept
        set srcaddr "all"
        set dstaddr "Webserver"
        set schedule "always"
        set service "ALL"
        set inspection-mode proxy
        set logtraffic all
        set groups "LDAP-Sales"
        # Same typographic-quote issue as policy 9.
        set comments " “
    next
end

Granular firewall rules

Firewall policies are configured to grant each group of users granular remote access, so that a group can reach only the destinations assigned to it. They are configured as follows:

# Remote-access policies for SSL VPN users: one policy per LDAP group, all
# matching traffic that enters on the SSL VPN tunnel interface (ssl.root)
# and leaves on port2. Access is narrowed per group only by the destination
# address objects (dstaddr) and by group membership (groups): srcaddr is "all"
# and service is "ALL" on every policy, so any address behind the tunnel may
# reach the listed destinations on any port/protocol. Every policy uses proxy
# inspection mode and logs all sessions (logtraffic all).
config firewall policy
    # Administrators: widest destination set (EMS, FAZ, Webserver, FAC).
    edit 9
        set name "SSL_VPN-Administrators"
        set srcintf "ssl.root"
        set dstintf "port2"
        set action accept
        set srcaddr "all"
        set dstaddr "EMS" "FAZ" "Webserver" "FAC"
        set schedule "always"
        set service "ALL"
        # NOTE(review): no security profile is referenced in this listing;
        # presumably proxy mode is meant to apply profiles configured
        # elsewhere - confirm, otherwise inspection-mode alone adds nothing.
        set inspection-mode proxy
        set logtraffic all
        set groups "LDAP-Administrators"
        # NOTE(review): the closing quote on the next line is a typographic
        # double quote (U+201C), not an ASCII " - as written the string is
        # unterminated. Use a plain "" (or drop the line) when applying this.
        set comments " “
    next
    # Finance: Webserver plus the Finance destination object.
    edit 10
        set name "SSL_VPN-Finance"
        set srcintf "ssl.root"
        set dstintf "port2"
        set action accept
        set srcaddr "all"
        set dstaddr "Webserver" "Finance"
        set schedule "always"
        set service "ALL"
        set inspection-mode proxy
        set logtraffic all
        set groups "LDAP-Finance"
        # Same typographic-quote issue as policy 9.
        set comments " “
    next
    # Sales: Webserver only.
    edit 11
        set name "SSL_VPN-Sales"
        set srcintf "ssl.root"
        set dstintf "port2"
        set action accept
        set srcaddr "all"
        set dstaddr "Webserver"
        set schedule "always"
        set service "ALL"
        set inspection-mode proxy
        set logtraffic all
        set groups "LDAP-Sales"
        # Same typographic-quote issue as policy 9.
        set comments " “
    next
end