Configuring SSL VPN Event-Logging - Fortinet FortiOS v3.0 MR7 User Manual

SSL VPN user guide

Configuring a FortiGate SSL VPN

Cipher Strength
Select one of the following options to determine the level of SSL encryption to use. The web browser on the remote client must be capable of matching the level that you select:
• To use any cipher suite, select Any.
• To use a 164-bit or greater cipher suite, select High >= 164.
• To use a 128-bit or greater cipher suite, select Medium >= 128.

User Authentication Method
Select one of the following options to bind user groups to authentication methods:
• If the user group contains only local users, select Local.
• If the remote clients will be authenticated by an external RADIUS server, select Radius.
• If the remote clients will be authenticated by an external LDAP server, select LDAP.
• If the user group contains Local, RADIUS, and LDAP users, select Any to enable all of the authentication methods. Local is attempted first, then RADIUS, then LDAP.

Available Groups
Select the name of the user group requiring SSL VPN access, and then select the right-pointing arrow. Do not select more than one user group unless all members of the selected user groups have identical access requirements.

3. Select OK.
Note: If you apply a protection profile in a SSL VPN firewall policy, it will only apply to tunnel-mode operations.
4. If the user group requires access to another server or network, create the IP destination address (see "To specify the destination IP address" on page 46) and repeat this procedure to create the required firewall policy.
5. Create additional IP destination addresses and firewall policies if required for each additional user group.

Configuring SSL VPN event-logging

You can configure the FortiGate unit to log SSL VPN events. For information about how to interpret log messages, see the FortiGate Log Message Reference.

To log SSL VPN events
1. Go to Log&Report > Log Config > Log Setting.
2. Enable the storage of log messages to one or more of the following locations:
• a FortiAnalyzer unit
• the FortiGate system memory
• a remote computer running a syslog server
Note: If available on your FortiGate unit, you can enable the storage of log messages to a system hard disk. In addition, as an alternative to the options listed above, you may choose to forward log messages to a remote computer running a WebTrends firewall reporting server. For more information about enabling either of these options through CLI commands, see the "log" chapter of the FortiGate CLI Reference.
3. If the options are concealed, select the blue arrow beside each option to reveal and configure associated settings.

FortiOS v3.0 MR7 SSL VPN User Guide
01-30007-0348-20080718
