Fortigate and SSL VPN Configuration
I know you do not have much time, so let's go!
First, activate SSL VPN on the Forti.
Next, create the IP pool that the Forti will assign addresses from when people connect. As you can see below, the Forti already has a pre-configured default one; you can use it, or create a new object and set the IP address range you want to assign to users. I generally add a /24 (class C).
Then modify the routing table: add a static route so the Forti knows where to route SSL-VPN source traffic to reach the target.
Device should be your interface whose name starts with ssl.
No need to set a default gateway; leave it as 0.0.0.0 and the Forti will handle it.
Distance and priority are not important if you do not have another, more preferred route.
Portals: I remember that SSL VPN and SSL VPN portals were pushed by Juniper. They have additional SSL VPN boxes to handle this job, at extra cost, and what is good about the Forti is that there is no need to pay extra for it. But I don't know what Juniper does now!
Portals define what the customer/user sees when they log in. The applications are also important because they affect how you configure the widgets later on.
Set the name and the applications you need. Actually, I only used the portal so I could reference it in the rules. After all changes, please don't forget to click Apply at the top left.
Please set the IP range on the portal to the one you created in the second step, like below, and click OK (click Edit on IP Pools and choose Range as the IP Mode). After all changes, please don't forget to click Apply at the top left.
Create users...
Create a group and assign the users and the portal to it: click SSL-VPN Access, choose the portal from the drop-down, and move the users to the right side.
Last 2 steps...
First, create the auth rule; this is what performs authentication. You decide the source IP address, the destination, the group and the services, and go!
And the last thing:
Where are these customers/users allowed to access? Write a rule from the network the Forti assigns to the users to the target they need to access.
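The pool, static route and access rule from the steps above, written as FortiOS CLI. This is an added example, not configuration from the original post: the object names, the 10.10.50.0/24 pool, the 192.168.10.0/24 server subnet, the "internal" port and the root VDOM (ssl.root) are all assumptions. The access rule is limited to one subnet and two services instead of "all", so a VPN user only reaches what they actually need.

```fortios
# Added example; every value here is constructed for illustration.
# Assumptions: root VDOM (tunnel interface ssl.root), LAN port "internal".

# Step 2: the address range handed out to connected users (a /24)
config firewall address
    edit "SSLVPN_POOL"
        set type iprange
        set start-ip 10.10.50.1
        set end-ip 10.10.50.254
    next
    # Hypothetical target network the users need to reach
    edit "SRV_NET"
        set subnet 192.168.10.0 255.255.255.0
    next
end

# Step 3: static route for the pool via the ssl.* interface.
# Gateway is left unset (0.0.0.0), as described above.
config router static
    edit 0
        set dst 10.10.50.0 255.255.255.0
        set device "ssl.root"
    next
end

# Last step: what the assigned network may access.
# Narrow destination and services rather than allowing everything.
config firewall policy
    edit 0
        set srcintf "ssl.root"
        set dstintf "internal"
        set srcaddr "SSLVPN_POOL"
        set dstaddr "SRV_NET"
        set action accept
        set schedule "always"
        set service "HTTPS" "RDP"
    next
end
```

On newer FortiOS releases the user group is bound on this ssl.root policy itself instead of in a separate auth rule, so check which model your version uses before pasting.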
Let's try it. The link should look like the one below if you did not change the port number in the first step; enter the username and password and try to access.
I wrote forti.out.site.ip; this is the outside IP of the Forti or of the related VDOM.
For more information, maybe you would like to check out