1. Manuals
  2. Brands
  3. Fortinet Manuals
  4. Software
  5. FORTIOS V3.0 MR7
  6. User manual

Configuring Firewall Addresses; Configuring Web-Only Firewall Policies - Fortinet FORTIOS V3.0 MR7 User Manual

Ssl vpn user guide
Hide thumbs
Table of Contents

Advertisement

Configuring firewall policies
44
specifying the level of SSL encryption to use and the authentication method
binding the user group to the firewall policy
Note: In tunnel mode, it is necessary to create a DENY firewall policy that immediately
follows the SSL VPN policy. If this policy is not created, SSL VPN tunnels will use other
ACCEPT firewall policies. See the order of the Firewall policies below:
The following topics are included in this section:

Configuring firewall addresses

Configuring tunnel-mode firewall policies
Configuring SSL VPN event-logging
Monitoring active SSL VPN sessions
Configuring firewall addresses
Configuring the firewall addresses for web-only and tunnel mode connections
involves specifying the IP source/host and destination addresses:
Web-only mode:
For the source address, select the predefined address "all" in the firewall
encryption policy to refer to web-only mode clients.
The destination address corresponds to the IP address or addresses that
remote clients need to access. The destination address may correspond to
an entire private network (behind the FortiGate unit), a range of private IP
addresses, or the private IP address of a server or host.
Tunnel mode:
The source address corresponds to the public IP address that can be
connected to the FortiGate unit. This address is used to restrict who can
access the FortiGate unit.
The destination address corresponds to the IP address or addresses that
remote clients need to access. The destination address may correspond to
an entire private network (behind the FortiGate unit), a range of private IP
addresses, or the private IP address of a server or host.

Configuring Web-only firewall policies

To specify the destination IP address
1
Go to Firewall > Address and select Create New.
2
In the Address Name field, type a name that represents the local network,
server(s), or host(s) to which IP packets may be delivered (for example,
Subnet_1).
3
From the Type list, select Subnet/IP Range.
4
In the Subnet/IP Range field, type the corresponding IP address and subnet mask
(for example, 172.16.10.0/24).
Configuring a FortiGate SSL VPN
FortiOS v3.0 MR7 SSL VPN User Guide
01-30007-0348-20080718

Advertisement

Table of Contents
loading

Related Manuals for Fortinet FORTIOS V3.0 MR7

Related Content for Fortinet FORTIOS V3.0 MR7

Table of Contents

Save Article as PDF