Fortinet FORTIOS V3.0 MR7 User Manual page 47

SSL VPN User Guide

Configuring a FortiGate SSL VPN
FortiOS v3.0 MR7 SSL VPN User Guide
01-30007-0348-20080718

3. From the Type list, select Subnet/IP Range.
4. In the Subnet/IP Range field, type the corresponding IP address and subnet
   mask (for example, 172.16.10.0/24). If the remote client's IP address is
   unknown, the Subnet/IP Range should be "all", with 0.0.0.0/0.0.0.0 as the
   address used.
   Note: To provide access to a single host or server, you would type an IP
   address like 172.16.10.2/32. To provide access to two servers having
   contiguous IP addresses, you would type an IP address range like
   172.16.10.[4-5].
5. In the Interface field, select the interface to the internal (private)
   network.
6. Select OK.

To specify the destination IP address

1. Go to Firewall > Address and select Create New.
2. In the Address Name field, type a name that represents the local network,
   server(s), or host(s) to which IP packets may be delivered (for example,
   Subnet_2).
3. In the Subnet/IP Range field, type the corresponding IP address (for
   example, 192.168.22.0/24 for a subnet, or 192.168.22.2/32 for a server or
   host), or IP address range (192.168.22.[10-25]).
4. In the Interface field, select the interface to the external (public)
   network.
5. Select OK.

To define the firewall policy for tunnel-mode operations

1. Go to Firewall > Policy and select Create New.
2. Enter these settings:

   Source
     Interface/Zone   Select the FortiGate interface that accepts connections
                      from remote users (for example, external).
     Address Name     Select the name that corresponds to the IP address of
                      the remote user.
   Destination
     Interface/Zone   Select the FortiGate interface to the local private
                      network (for example, internal).
     Address Name     Select the IP destination address that you defined
                      previously for the host(s), server(s), or network
                      behind the FortiGate unit (for example, Subnet_2).
   Service            Select ANY.
   Action             Select SSL-VPN.
   SSL Client Certificate Restrictive
                      Select to allow traffic generated by holders of a
                      (shared) group certificate, for example, a user group
                      containing PKI peers/users. The holders of the group
                      certificate must be members of an SSL VPN user group,
                      and the name of that user group must be present in the
                      Allowed field.
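
Because the policy above uses Service ANY, the destination address object alone decides which hosts tunnel users can reach, so it is worth expanding each Subnet/IP Range value before selecting it. The following is an added example, not part of the Fortinet guide: it parses the three notations shown in the steps above (subnet with prefix or dotted mask, /32 host, bracketed last-octet range), with parsing rules inferred only from the guide's sample values; the function names and the object names Servers and all_clients are hypothetical.

```python
import ipaddress
import re

# Bracketed last-octet range as written in the guide, e.g. 192.168.22.[10-25].
_RANGE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){2})\.\[(\d{1,3})-(\d{1,3})\]$")

def parse_address(spec):
    """Return the (first, last) IPv4 addresses covered by a Subnet/IP Range value."""
    spec = spec.strip()
    m = _RANGE.match(spec)
    if m:
        lo, hi = int(m.group(2)), int(m.group(3))
        if lo > hi:
            raise ValueError(f"descending range: {spec!r}")
        # IPv4Address raises ValueError for any octet above 255.
        return (ipaddress.IPv4Address(f"{m.group(1)}.{lo}"),
                ipaddress.IPv4Address(f"{m.group(1)}.{hi}"))
    # Handles prefix-length (172.16.10.0/24) and dotted-mask (0.0.0.0/0.0.0.0) forms.
    net = ipaddress.IPv4Network(spec, strict=False)
    return net[0], net[-1]

def exposure(spec):
    """Number of addresses the value covers."""
    first, last = parse_address(spec)
    return int(last) - int(first) + 1

def covers(spec, ip):
    """True if ip falls inside the value."""
    first, last = parse_address(spec)
    return first <= ipaddress.IPv4Address(ip) <= last

def wide_objects(objects, max_hosts=256):
    """Names of address objects that cover more than max_hosts addresses."""
    return sorted(n for n, s in objects.items() if exposure(s) > max_hosts)

# Constructed sample: Subnet_2 and the values come from the guide's examples;
# the object names Servers and all_clients are hypothetical.
SAMPLE = {
    "Subnet_2": "192.168.22.0/24",
    "Servers": "192.168.22.[10-25]",
    "all_clients": "0.0.0.0/0.0.0.0",
}

if __name__ == "__main__":
    for name, spec in SAMPLE.items():
        print(f"{name:12} {spec:20} {exposure(spec)} address(es)")
    print("wider than a /24:", wide_objects(SAMPLE))
```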
Configuring firewall policies