Created on 08-20-2010 05:25 AM Edited on 03-25-2022 10:25 AM By Anonymous
Purpose
This article describes how to configure the browser to direct traffic to a proxy server when running an SSL VPN tunnel.
Scope
FortiGate or VDOM in NAT mode
Diagram
PC Client (Public IP 192.168.182.128) <==> (Public IP 172.31.224.196) FortiGate (Internal IP 10.168.0.196) <--> Proxy Server (10.168.0.97:3128) <--> Router
Expectations, Requirements
Configuration
- Choose Settings if you need to configure a proxy server for a connection > select 'Never dial a connection'
- Dial-up and Virtual Network settings > select the 'fortissl' driver and click 'Settings'
  Proxy server > Use a proxy server for this connection
  Address = 10.168.0.97 (Proxy server)
  Port = 3128
- Select 'Advanced' and add an Exception > Do not use proxy server for addresses beginning with:
  172.31.224.196 (IP address of the FortiGate that the SSL VPN tunnel connects to)
- LAN settings --> Not used to access the proxy protected by the FortiGate
- Manual proxy configuration:
  HTTP Proxy = 10.168.0.97
  Port = 3128
  No Proxy for: localhost, 127.0.0.1, 172.31.224.196 (IP address of the FortiGate that the SSL VPN tunnel connects to)
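The proxy and exception rules configured above, written as a proxy auto-config (PAC) function. This is an added example, not part of the original article: it swaps the manual settings for a PAC file, uses the addresses from the diagram, and matches bypass hosts exactly rather than by prefix.

```javascript
// Added example: the article's manual proxy rules as a PAC function.
// Addresses come from the article's diagram; helper names are illustrative.
var PROXY = "PROXY 10.168.0.97:3128";   // proxy server behind the FortiGate
var VPN_GATEWAY = "172.31.224.196";     // FortiGate address the SSL VPN tunnel connects to

// Hosts that must never be handed to the proxy. The gateway is listed
// because the proxy is only reachable through the tunnel: if the tunnel's
// own HTTPS session were sent to the proxy, it would have no path out.
var DIRECT_HOSTS = ["localhost", "127.0.0.1", VPN_GATEWAY];

// Browsers pass the host without a port, but it may differ in case or
// carry a trailing dot (fully qualified form), so normalise before matching.
function normalizeHost(host) {
  var h = String(host).toLowerCase();
  if (h.charAt(h.length - 1) === ".") {
    h = h.slice(0, -1);
  }
  return h;
}

// Standard PAC entry point: returns "DIRECT" or a "PROXY host:port" string.
function FindProxyForURL(url, host) {
  var h = normalizeHost(host);
  // Exact match only, so a neighbouring address such as 172.31.224.19
  // is still sent through the proxy.
  if (DIRECT_HOSTS.indexOf(h) !== -1) {
    return "DIRECT";
  }
  return PROXY;
}
```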
config firewall policy
    edit 1
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "all"
        set action ssl-vpn
        set nat enable
        config identity-based-policy
            edit 1
                set groups "grp-sll"
                set schedule "always"
                set service "ANY"
            next
        end
    next
    edit 2
        set srcintf "ssl.root"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "vlan168"
        set action accept
        set schedule "always"
        set service "ANY"
        set nat enable
    next
end
config router static
    edit 1
        set device "wan1"
        set gateway 172.31.225.254
    next
    edit 2
        set device "ssl.root"
        set dst 10.0.0.0 255.255.255.0
    next
end
config user group
    edit "grp-sll"
        set group-type sslvpn
        set member "fortinet"
        set sslvpn-portal "full-access"
    next
end
config vpn ssl settings
    set sslvpn-enable enable
    set tunnel-ip-pools "SSLVPN_TUNNEL_ADDR1"
end