Sir, Currently iam using fortinet vpn for roaming users, But need to replace it with AnyConnect vpn in this month as renewal is coming on last week on this month .

We are using Active directory for an authentication of users where we create multiple policies for Local Lan users, Critical Application users and so on.

By this if user need Critical application access only, they are not authorized to access Local Servers or Services.

Is there any other way to achieve solution like this. As we have on AD for authentication  only.

We have also vmX installed in AWS Cloud. If possible, by configure AnyConnect on vmX , we can check that scenario also.

Add the Windows Role "Microsoft NPS Server".  It is a RADIUS server that comes with Windows Server.  Use that for authentication.

For Application control ? 

My use cases- 

1. Let us assume we have 4 types of vpn users. User 1, User2, User3, User4.

a.) User A - need to access only GUI Based application hosted on cloud.

b.) User B - need to access only NAS server hosted on DC

c) User C - need to access only Web based application hosted on Private Cloud

d.) User D- need to access All Application or Servers hosted on DC, Cloud so on...

Let me explain our connectivity- 

• In DC we have MX 450
• In Private Cloud- Have MX 64
• In AWS Cloud - we have vmX
• In approx. 50 Project site location- have MX 64

All in SD-WAN ( Auto VPN) connectivity.

Explaining Current VPN scenerio-

- Have Fortigate Firewall- only for Forticlient VPN

-Have Active Directoory - used for maping group policy and Authenticatio of users. ( All 4-5 groups created and mapped with Fortigate for user authentication and mapping the group policies).

After connected the VPN, users can access services as per given access of that policy group only.