Not sure if I have missed anything but I was curious if it was possible to assign VPN users the equivalent of a static IP via some sort of mapping / assignment in Fortiauth/ems?
Not sure if its easier to look into this or just break down our policies even further so that our IT Admin staff have their own policy / net assignment so we can have a more relaxed access policy for just those admin users?
We created different VPN’s for admins with separate portal, IP scopes, and policies as it makes it easier for us to allow from a subnet instead of keeping up with certain IP’s. I’m not aware on how to assign a particular IP from an existing scope to certain VPN users.
You can include user groups in policies, so create a group for it admin and include that group as the source for the admin access policy
another option external radius server using framed IP
How are you talking to FortiAuthenticator? Radius? SAML? What’s you vpn protocol? Ssl or IPSec?
If IPsec, do DHCP over IPsec and set reservations.
If SSL, you can create portals for each user and create a 1 IP pool for that portal and user. Pretty tedious.
You may also be able to use RADIUS framed IP attribute but I haven’t configured this so you’re on your own with that one.
As above you can create portals and scopes for ssl vpns quite tediously but it works. If you have groups then you can do scopes by user groups, or you can even use ad groups as well