Understanding VPN Realms

I’m trying to understand the purpose of the VPN realms when it comes to allowing certain access to certain groups.

Currently, this is how I have my VPN setup.

  • LDAP Server = AD server at root (DC=subdomain,DC=Domain,DC=com)
  • User Groups = Each Department as a group targeting their respective security group in AD
  • SSL-VPN Portal = 1 tunnel portal for each department only allowing access to the servers they need.
  • SSL-VPN Settings > Authentication/Portal Mapping = Each User Group associated with their respective SSL-VPN Portal
  • FortiClient = Everyone logs in to vpn.company.com

Now with the realms I understand I can have different URLs for each department, such as vpn.company.com/hr or vpn.company.com/marketing.

What I can’t wrap my head around is why I would use the VPN realms vs what I currently have set up.

Is the only purpose of the VPN realms so that you can give different URLs to different groups/departments?

Thanks!

Realms (not talking about portals here) allow you to use a completely different FQDN for the login. Meaning you can have hr.vpn.company.com for one and vpn.testdomain.com for another realm. You can then customize the login accordingly.

And then you can use the settings you have for portals on top of that, so you can have one portal with only web mode for local users and one with full access for LDAP users.

But we can already do that if we associate different portals to different groups.

Different auth methods too. LDAP vs local vs PKI (this one almost requires it), etc.
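To make the two replies concrete (realms as separate login entry points, portals layered on top, and a different auth method per realm), here is an added FortiOS CLI sketch; it is not from the thread or from Fortinet documentation, and the realm, portal, group, user, certificate and address-group names are made-up placeholders.

```fortios
# Realms: one login entry point (URL path or separate FQDN) per population.
# All names below are placeholders for this example.
config vpn ssl web realm
    edit "hr"
        set url-path "hr"                      # reached at https://vpn.company.com/hr
        set login-page ""                      # optional custom login page for this realm
    next
    edit "contractors"
        set url-path "contractors"
        set virtual-host "contractors.vpn.example.com"   # separate FQDN; needs DNS + matching cert
    next
end

# Portals are unchanged from the poster's design: one tunnel-mode portal per department
# that only routes the servers that department needs.
config vpn ssl web portal
    edit "hr-portal"
        set tunnel-mode enable
        set split-tunneling enable
        set split-tunneling-routing-address "hr-servers"   # address group: HR servers only
    next
    edit "contractor-web-portal"
        set web-mode enable                    # web mode only, no tunnel for this population
        set tunnel-mode disable
    next
end

# Authentication rules: group (or user) + realm -> portal.
# The realm is what lets each entry point carry its own auth requirements,
# e.g. LDAP group for HR versus local user plus client certificate for contractors.
config vpn ssl settings
    set servercert "vpn-cert"                  # placeholder certificate name
    config authentication-rule
        edit 1
            set groups "HR-LDAP-Group"         # AD security group via the LDAP server
            set realm "hr"
            set portal "hr-portal"
        next
        edit 2
            set users "contractor1"            # local user account
            set realm "contractors"
            set portal "contractor-web-portal"
            set client-cert enable             # PKI: client certificate required in this realm only
        next
    end
end
```

Without the realm column, a single vpn.company.com login must accept every auth method and every group at once; with it, the entry point itself narrows who can even attempt to log in and how.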