Created on 05-10-2007 12:00 AM
Description: Setting up FortiGate SSL VPN to provide secure web-based access to an internal network.
Components:
Steps or Commands:
SSL VPN is a secure remote access solution that requires very little configuration on the client end. There are two modes for SSL VPN: web mode, in which users reach internal resources through bookmarks on a browser portal, and tunnel mode, in which a browser-installed component creates a dialup network connection into the internal network.
Remote users (also called clients) are required to have the following configuration:
To configure the SSL VPN service using the web-based manager
To configure an SSL VPN user group
Note: To control access to your SSL VPN network, your users must log in with a username and password as defined in your FortiGate unit User configuration. This example shows how to add local users to your FortiGate unit configuration. You can also configure SSL VPN to work with your LDAP or RADIUS servers.
To add an SSL VPN firewall policy
With this configuration, users can access your FortiGate unit SSL VPN page from outside your internal network (from the Internet). To reach the SSL VPN page, users start a web browser and browse to the public IP address of your FortiGate unit, specifying the SSL VPN port number in the browser address field. For example, if the public IP address of your FortiGate unit is 210.55.55.1 and the SSL VPN port is 10443, users browse to https://210.55.55.1:10443. Once connected, the user must log in; the credentials provided must match a user in the group defined above. After a successful login, the FortiGate web mode access portal appears.

Users can define a new bookmark for access to an internal FTP server or web server, or remotely control a PC on the network using the Remote Desktop Protocol or VNC if available. Note: As of Maintenance Release 5 (MR5), a new option in the GUI allows administrators to configure predefined bookmarks for SSL VPN web mode access. Go to VPN > SSL > Bookmarks.

To initiate tunnel mode, the user selects the activate SSL VPN tunnel mode link at the top of the web page. On first use, the user may be required to install either an ActiveX (Internet Explorer) or Java (Firefox) component. This process installs a new dialup network connection on the user's PC that secures the user's connection to your internal network. Once tunnel mode is established, the status window on this page shows the duration of the connection. The user can minimize the browser window and work as though connected directly to the internal network. Note: Access at this point requires either that users know the IP addresses of internal servers, or that the DNS server used by tunnel clients resolves the hostnames of those servers. Tunnel mode carries IP traffic only, so NetBIOS broadcast name resolution does not cross the tunnel; internal names must be resolvable through DNS. To close the connection, the user can either select Disconnect in the open web browser or close the browser.

For more information about SSL VPN and about advanced SSL VPN options, see the SSL VPN User Guide.
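The GUI procedure above (local user, SSL VPN user group, SSL VPN service on port 10443, firewall policy into the internal network), expressed as FortiOS CLI configuration. This is an added example and not part of the original Fortinet article; it uses current FortiOS (6.x/7.x) CLI syntax rather than the MR5-era interface the article describes, and the user name, group name, interface names, address object, subnet and DNS server address are assumptions.

```text
# Added example (not from the original article). Assumed names: user "alice",
# group "sslvpn_users", WAN interface "wan1", LAN interface "internal",
# address object "internal_lan" (10.10.10.0/24), internal DNS 10.10.10.5,
# portal "web-access". Syntax is FortiOS 6.x/7.x.

# 1. Address object for the internal network (used by the portal and policy)
config firewall address
    edit "internal_lan"
        set subnet 10.10.10.0 255.255.255.0
    next
end

# 2. Local user and the SSL VPN user group (the article's "SSL VPN user group").
#    For LDAP/RADIUS, add the remote server under config user ldap / user radius
#    and reference it as a member of the group instead of a local user.
config user local
    edit "alice"
        set type password
        set passwd "ChangeMe-Str0ngPassphrase"
    next
end
config user group
    edit "sslvpn_users"
        set member "alice"
    next
end

# 3. Portal: web mode (bookmarks) with tunnel mode available. Tunnel clients
#    get an address from the built-in pool, a route only for the internal
#    network, and the internal DNS server so internal hostnames resolve.
config vpn ssl web portal
    edit "web-access"
        set web-mode enable
        set tunnel-mode enable
        set ip-pools "SSLVPN_TUNNEL_ADDR1"
        set split-tunneling enable
        set split-tunneling-routing-address "internal_lan"
        set dns-server1 10.10.10.5
    next
end

# 4. SSL VPN service: listen on wan1 port 10443; only members of
#    sslvpn_users are given a portal, everyone else fails authentication.
#    Fortinet_Factory is the built-in self-signed certificate; replace it
#    with a CA-issued certificate so browsers can validate the portal.
config vpn ssl settings
    set servercert "Fortinet_Factory"
    set port 10443
    set source-interface "wan1"
    set source-address "all"
    set default-portal "web-access"
    config authentication-rule
        edit 1
            set groups "sslvpn_users"
            set portal "web-access"
        next
    end
end

# 5. Firewall policy from the SSL VPN virtual interface to the LAN, bound to
#    the group so the policy itself requires authenticated group membership.
#    The article grants access to the whole internal network; dstaddr and
#    service are where to narrow this to the hosts and ports users need.
config firewall policy
    edit 10
        set name "sslvpn-to-lan"
        set srcintf "ssl.root"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "internal_lan"
        set groups "sslvpn_users"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
        set logtraffic all
    next
end
```

After applying, `show vpn ssl settings` confirms the listening port and authentication rule, and `get vpn ssl monitor` lists active web and tunnel sessions with the authenticated user, which is the quickest way to confirm that a login from outside the network landed in the expected group and portal.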
Copyright 2024 Fortinet, Inc. All Rights Reserved.