Fortinet white logo
Fortinet white logo
7.2.0

Network Access Policies

Network Access Policies

Configure Network Access Policies for the IP address ranges used for VPN access. If multiple IP address ranges are used for different types of VPN access (SSL or IPSec), different policies can be created or they can be combined into a single policy.

Configuration Steps

  1. Navigate to Policy & Objects > User/Host Profiles

  2. Create a User/Host Profile with the following for each level of access (such as Staff and Executives):

    • Host is a VPN Client.

    (Host Tab) VPN Client: Yes

    • Other who/what/when information as appropriate

      • Prevent at-risk hosts from connecting to VPN:

        Host [Security Status: Safe]

      • Prevent disabled hosts from connecting to VPN:

        Host [Access Status: Enabled]

      • Alternatively, create Network Access Policy for just disabled or at-risk where they are sending a different tag for a different ACL.

        Host [Security Status: At Risk]

        Host [Access Status: Disabled]

  3. Navigate to Policy & Objects > Network Access > Configurations.

  4. Click Create New.

  5. Name the Configuration and select the Logical Network for VPN clients matching the newly created User/Host Profile.

    The Logical Network(s) and the corresponding tag/group(s) to be assigned are listed under the FortiGate Model Configuration (see Complete Model Configuration (VPN Addresses and Logical Networks)).

  6. Click OK to save.

  7. Select Policies and create a Network Access Policy that uses both the new VPN User/Host Profile and Network Access Configuration.

  8. Adjust the rank of the Network Access Policy as appropriate

For more details, refer to the following section in the Administration Guide: Network Access. Proceed to Finalize Configuration.

Network Access Policies

Network Access Policies

Configure Network Access Policies for the IP address ranges used for VPN access. If multiple IP address ranges are used for different types of VPN access (SSL or IPSec), different policies can be created or they can be combined into a single policy.

Configuration Steps

  1. Navigate to Policy & Objects > User/Host Profiles

  2. Create a User/Host Profile with the following for each level of access (such as Staff and Executives):

    • Host is a VPN Client.

    (Host Tab) VPN Client: Yes

    • Other who/what/when information as appropriate

      • Prevent at-risk hosts from connecting to VPN:

        Host [Security Status: Safe]

      • Prevent disabled hosts from connecting to VPN:

        Host [Access Status: Enabled]

      • Alternatively, create Network Access Policy for just disabled or at-risk where they are sending a different tag for a different ACL.

        Host [Security Status: At Risk]

        Host [Access Status: Disabled]

  3. Navigate to Policy & Objects > Network Access > Configurations.

  4. Click Create New.

  5. Name the Configuration and select the Logical Network for VPN clients matching the newly created User/Host Profile.

    The Logical Network(s) and the corresponding tag/group(s) to be assigned are listed under the FortiGate Model Configuration (see Complete Model Configuration (VPN Addresses and Logical Networks)).

  6. Click OK to save.

  7. Select Policies and create a Network Access Policy that uses both the new VPN User/Host Profile and Network Access Configuration.

  8. Adjust the rank of the Network Access Policy as appropriate

For more details, refer to the following section in the Administration Guide: Network Access. Proceed to Finalize Configuration.