Tunnel Mode Widget - Fortinet FortiGate Series Administration Manual

SSL VPN

Tunnel Mode widget

FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
3 In the Connection Tool widget select the Edit icon in the widget title bar.
4 Enter the following information:
Name Optionally, enter a customized name for the Connection Tool widget.
Applications Select the types of server applications or network services that will be available
to users through the Connection Tool widget.
Type Select the server/application that the FortiGate unit will use to establish a
connection.
5 Select OK.
To use the Connection Tool widget
1 Open the web portal.
2 In the Connection Tool widget, from the Type list select the type network service you
want to use.
The available types of network service depend on the widget configuration. See
configure the Connection Tool
3 In the Host field, enter the URL, host name, or IP address as appropriate.
4 Select Go.
If your web portal provides tunnel mode access, you need to configure the Tunnel Mode
widget. These settings determine how tunnel mode clients are assigned IP addresses.
Also, you can enable a split tunneling configuration so that the VPN carries only the traffic
for the networks behind the FortiGate unit. The user's other traffic follows its normal route.
To configure tunnel mode settings
1 Open the web portal.
2 If the Tunnel Mode widget is missing, add it by selecting Tunnel Mode from the Add
Widget list in the top right corner of the window.
3 Select the Edit icon in the Tunnel Mode widget title bar.
4 Enter the following information:
Name Enter a name for the Tunnel Mode widget. The default is "Tunnel Mode".
IP Mode Select the mode by which the IP address is assigned to the user.
Range The user IP address is allocated from the IP addresses specified in
IP Pools. If IP Pools is empty, the IP Pools specified in VPN > SSL > Config
are used.
User Group The user is assigned the IP address specified in the Framed-IP-Address
field of the user's record on the RADIUS server. This option is valid only for
users authenticated by a RADIUS server.
IP Pools Select Edit to select the firewall addresses that represent IP address ranges
reserved for tunnel-mode SSL VPN clients. If the appropriate addresses do
not exist, go to Firewall > Address to create them.
Split tunneling Select to enable split tunneling. In a split tunneling configuration, the tunnel
mode client uses the SSL VPN only for traffic destined for the networks
behind the FortiGate unit. The user's other traffic follows its normal route.
The remaining items in the widget are available to the user during an SSL VPN
session.
5 Select OK in the Tunnel Mode widget.
widget".
SSL VPN web portal
"To
645