Remote VPN user identification
FortiSASE allows administrators to identify remote VPN users uniquely in internet and private access traffic logs, which is achieved by enabling these capabilities:
- Adding support for unique SSL VPN IP address ranges per FortiSASE security PoP within the overall 100.65.0.0/16 range. Previously, SSL VPN IP address ranges were not unique between security PoPs.
- Removing source NAT (SNAT) for remote VPN user traffic destined for secure private access hubs. By default, FortiSASE performs SNAT for such traffic.
For a new FortiSASE instance, this select availability feature is enabled, by default. To add support for this select availability feature to your existing FortiSASE instance, create a new ticket with FortiCare Support.
Currently, as a select availability feature, if enabled the following is possible with your FortiSASE instance:
If your FortiSASE instance requires a reset, then the following next steps are required to resume normal operation:
|