Fortigate and SSL VPN Configuration

I know you do not have much time, so let's go!

First, activate SSL VPN on the FortiGate.

Next, create the IP pool that the FortiGate will assign addresses from when people connect. As you can see below, the FortiGate already has a pre-configured default one; you can use it, or create a new object and set the IP address range you want to assign to clients. I generally add a /24 (class C).

Next, modify the routing table: add a static route so the FortiGate knows where to route SSL-VPN source traffic to reach its target.

Device should be your interface whose name starts with ssl.
No need to set a default gateway; leave it as 0.0.0.0 and the FortiGate will handle it.
Distance and priority do not matter unless you have another, more preferred route.

Portals: as I remember, SSL VPN and SSL VPN portals were pushed by Juniper; they have additional SSL VPN boxes to handle these jobs, at extra cost. What is good about Forti is that there is no need to pay extra for it, but I don't know what Juniper does now!

Portals define what the customer/user sees when they log in. The applications are also important, because they affect how you configure the widgets later on.

Set the name and the applications you need; actually, I used it only for use in rules. After all changes, please don't forget to click Apply at the top left.

Please set the IP range on the portal to the one you created in the second step, as shown below, and click OK (click Edit on IP Pools and choose Range as the IP Mode). After all changes, please don't forget to click Apply at the top left.

Create Users ….

 

Create a group and assign the user and the portal to it: click SSL-VPN Access, choose the portal from the drop-down, and move the user to the right side.

Last 2 steps …

First, create an auth rule; this is how authentication is done. You decide which IP address, which destination, which group and which services, and go!

And the last thing:

Define where these customers/users are allowed to access: write a rule from the network the FortiGate assigns to clients to the target they need to reach.

Let's try it. If you did not change the port number in the first step, the link should look like the one below; enter the username and password and try to access.

https://forti.out.site.ip:10443/remote/login

Where I wrote forti.out.site.ip, use the outside IP of the FortiGate or of the related VDOM.

For more information, you may want to check out:
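A consistency check for the addressing in the steps above, as an added example that is not part of the original post: it verifies that the client pool is covered by the static route on the ssl.* interface and by the source of the access rule, and that the rule's target is neither "all" nor overlapping the pool. The dictionary layout, the interface name ssl.root and all addresses are constructed for illustration.

```python
import ipaddress as ip

def pool_networks(start, end):
    """Collapse an IP-range pool into the CIDR blocks it spans."""
    return list(ip.summarize_address_range(ip.ip_address(start), ip.ip_address(end)))

def check_sslvpn_plan(plan):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    pool = pool_networks(*plan["pool_range"])
    route = plan["static_route"]
    route_dst = ip.ip_network(route["dst"])

    # The static route must use the ssl.<vdom> interface and keep gateway 0.0.0.0.
    if not route["device"].startswith("ssl."):
        findings.append("route device is not an ssl.* interface")
    if route["gateway"] != "0.0.0.0":
        findings.append("route gateway should stay 0.0.0.0")
    # Every pool address has to fall inside the routed destination.
    if not all(n.subnet_of(route_dst) for n in pool):
        findings.append("pool is not covered by the static route")

    # The access rule goes from the assigned client network to the target.
    policy = plan["access_policy"]
    src = ip.ip_network(policy["src"])
    if not all(n.subnet_of(src) for n in pool):
        findings.append("access policy source does not cover the pool")
    for dst in map(ip.ip_network, policy["dst"]):
        if dst.prefixlen == 0:
            findings.append("access policy destination is 'all'")
        elif any(dst.overlaps(n) for n in pool):
            findings.append(f"target {dst} overlaps the client pool")
    return findings

# Constructed sample plan (assumed names and addresses, not from the post).
SAMPLE_PLAN = {
    "pool_range": ("10.99.0.1", "10.99.0.254"),
    "static_route": {"dst": "10.99.0.0/24", "device": "ssl.root", "gateway": "0.0.0.0"},
    "access_policy": {"src": "10.99.0.0/24", "dst": ["192.168.10.0/24"]},
}

if __name__ == "__main__":
    for line in check_sslvpn_plan(SAMPLE_PLAN) or ["plan is consistent"]:
        print(line)
```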

http://docs.fortinet.com/fgt/handbook/40mr3/fortigate-sslvpn-40-mr3.pdf

VM

Posted on 07/08/2012, in Fortigate.