Configuration Overview; Configuring the SSL VPN Client - Fortinet FortiOS v3.0 MR7 User Manual


Configuring a FortiGate SSL VPN

Configuration overview

Before you begin, install your choice of HTTP/HTTPS, telnet, SSH, FTP,
SMB/CIFS, VNC, and/or RDP server applications on the internal network. As an
alternative, these services may be accessed remotely through the Internet. All
services must be running. Users must have individual user accounts to access the
servers (these user accounts are not related to FortiGate user accounts or
FortiGate user groups).

To configure FortiGate SSL VPN technology, you should follow these general
steps:

1. Enable SSL VPN connections and set the basic options needed to support SSL
   VPN configurations. See "Configuring SSL VPN settings" on page 36.
2. To use X.509 security certificates for authentication purposes, load the signed
   server certificate, CA root certificate, and Certificate Revocation List (CRL) onto
   the FortiGate unit, and load the personal/group certificates onto the remote
   clients. For more information, see the FortiGate Certificate Management User
   Guide.
3. Create one FortiGate user account for each remote client, and assign the users to
   SSL VPN type user groups. See "Configuring user accounts and SSL VPN user
   groups" on page 42.
4. Configure the firewall policy and the remaining parameters needed to support the
   required mode of operation:
   - For web-only mode operation, see "Configuring Web-only firewall policies" on
     page 46.
   - For tunnel-mode operation, see "Configuring tunnel-mode firewall policies" on
     page 48.
5. Define SSL VPN event-logging parameters. See "Configuring SSL VPN event-
   logging" on page 50.
6. You can also monitor active SSL VPN sessions. See "Monitoring active SSL VPN
   sessions" on page 51.

Configuring the SSL VPN client

There are several configurations of SSL VPN applications available. The SSL
VPN tunnel client application installs a network driver on the client machine that
redirects all network traffic through the SSL VPN tunnel (it is necessary for the
driver to be OS-specific).

SSL VPN web-mode works on all OSs and browsers. The tunnel mode client can
be downloaded and installed from the browser interface on Windows platforms
through ActiveX for IE, or Firefox plug-ins. If you prefer not to initiate the tunnel
mode client function using a browser, standalone SSL VPN tunnel client
applications are available for Windows, Linux, and MacOS (see Tunnel-mode
client requirements for the specific versions that are supported). When a system
configuration must involve more secure disposal of cached data, the SSL VPN
Virtual Desktop should be used (Windows XP only).

FortiOS v3.0 MR7 SSL VPN User Guide
01-30007-0348-20080718
