Enabling Strong Authentication Through Security Certificates; Specifying the Cipher Suite for SSL Negotiations; Setting the Idle Timeout Setting - Fortinet FortiOS v3.0 MR7 User Manual

SSL VPN User Guide
Configuring a FortiGate SSL VPN
FortiOS v3.0 MR7 SSL VPN User Guide
01-30007-0348-20080718

To reserve a range of IP addresses for tunnel-mode clients
1. Go to VPN > SSL > Config.
2. In the Tunnel IP Range fields, type the starting and ending IP addresses (for example, 10.254.254.80 to 10.254.254.100).
3. Select Apply.

Enabling strong authentication through security certificates
The FortiGate unit supports strong (two-factor) authentication through X.509 security certificates (version 1 or 3). Strong authentication can be configured for SSL VPN user groups by selecting the Server Certificate and Require Client Certificate options on the VPN > SSL > Config page. However, you must first ensure that the required certificates have been installed.

To generate certificate requests, install signed certificates, import CA root certificates and certificate revocation lists, and back up and/or restore installed certificates and private keys, refer to the FortiGate Certificate Management User Guide.
Specifying the cipher suite for SSL negotiations

The FortiGate unit supports a range of cryptographic cipher suites to match the capabilities of various web browsers. The web browser and the FortiGate unit negotiate a cipher suite before any information (for example, a user name and password) is transmitted over the SSL link.

1. Go to VPN > SSL > Config.
2. In Encryption Key Algorithm, select one of the following options:
   - If the web browser on the remote client is capable of matching a 128-bit or greater cipher suite, select Default - RC4(128 bits) and higher.
   - If the web browser on the remote client is capable of matching a high level of SSL encryption, select High - AES(128/256 bits) and 3DES. This option enables cipher suites that use more than 128 bits to encrypt data.
   - If you are not sure which level of SSL encryption the remote client web browser supports, select Low - RC4(64 bits), DES and higher. The web browser must at least support a 64-bit cipher length.
3. Select Apply.
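As an added example (not Fortinet's code or the manual's), the following Python groups a client's OpenSSL cipher list by which of the three Encryption Key Algorithm levels described above would still accept each suite, so an administrator can check before raising the level whether a given client platform will still be able to negotiate a connection. The level names and rules come from the text above; the sample cipher records are constructed, and it is assumed that the manual's bit counts correspond to OpenSSL's nominal key length (`alg_bits`, e.g. 168 for 3DES).

```python
import ssl

# Level names exactly as the manual lists them under Encryption Key Algorithm.
LOW = "Low - RC4(64 bits), DES and higher"
DEFAULT = "Default - RC4(128 bits) and higher"
HIGH = "High - AES(128/256 bits) and 3DES"
LEVELS = (LOW, DEFAULT, HIGH)

def allowed_levels(name, alg_bits):
    """Levels under which a suite with this OpenSSL cipher name and nominal
    key length (OpenSSL 'alg_bits', e.g. 168 for 3DES; assumed to be how the
    manual counts bits) could still be negotiated."""
    u = name.upper()
    if "NULL" in u or u.startswith("EXP") or alg_bits < 56:
        return ()  # no encryption, export-grade or weaker than DES: rejected everywhere
    levels = [LOW]  # DES (56) and RC4-64 are the floor of the Low setting
    if alg_bits >= 128:
        levels.append(DEFAULT)  # RC4-128 and anything longer
    # High keeps only AES or 3DES (OpenSSL spells 3DES "3DES" or "DES-CBC3");
    # single DES, RC4 and non-AES suites such as CHACHA20 drop out here.
    if "AES" in u or "3DES" in u or "DES-CBC3" in u:
        levels.append(HIGH)
    return tuple(levels)

def audit_cipher_list(ciphers):
    """Group records shaped like ssl.SSLContext.get_ciphers() output
    ({'name': ..., 'alg_bits': ...}) by the levels that would accept them."""
    by_level = {lvl: [] for lvl in LEVELS}
    for c in ciphers:
        for lvl in allowed_levels(c["name"], c["alg_bits"]):
            by_level[lvl].append(c["name"])
    return by_level

def audit_local_openssl():
    """Same audit over the suites the local OpenSSL (a stand-in for a client) offers."""
    return audit_cipher_list(ssl.create_default_context().get_ciphers())

# Constructed sample records mirroring common OpenSSL cipher names.
SAMPLE = [
    {"name": "EXP-RC4-MD5", "alg_bits": 40},
    {"name": "DES-CBC-SHA", "alg_bits": 56},
    {"name": "RC4-MD5", "alg_bits": 128},
    {"name": "DES-CBC3-SHA", "alg_bits": 168},
    {"name": "AES256-SHA", "alg_bits": 256},
    {"name": "ECDHE-RSA-CHACHA20-POLY1305", "alg_bits": 256},
]

if __name__ == "__main__":
    for level, names in audit_cipher_list(SAMPLE).items():
        print(f"{level}: {', '.join(names) or '(none)'}")
```

Single DES and RC4 have since been retired from TLS (RFC 7465 prohibits RC4), so the High setting is the one to aim for; the audit shows which client suites that choice would exclude.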
Setting the idle timeout setting

The idle timeout setting controls how long the connection can remain idle before the system forces the remote user to log in again. To improve security, keep the default value of 300 seconds.

1. Go to VPN > SSL > Config.
2. In the Idle Timeout field, type an integer value. The valid range is from 10 to 28800 seconds.
3. Select Apply.