Table of Contents
Advertisement
Configuring a FortiGate SSL VPN
FortiOS v3.0 MR7 SSL VPN User Guide
01-30007-0348-20080718
Go to Firewall > Policy and select Create New to create a firewall policy.
For a standard configuration, set up the firewall policies listed below.
Authentication policy
Source
wan1
Source address
all
Destination
internal
Destination address
internal subnet
Action
sslvpn
Authentication
ssl user group(s)
Inbound access policy
Source
ssl.root
Source address
ip address of remote client
Destination
internal
Destination address
internal subnet
Action
accept
Authentication
No authentication set
Outbound policy
Source
internal
Source address
internal subnet
Destination
ssl.root
Destination address
ssl assigned range
Action
Accept
Authentication
No authentication set
Static route
Destination network
<ssl-assigned subnet>
Destination interface ssl.root
To allow ssl users to browse the Internet through the FortiGate unit:
Internet browsing policy
Source
ssl.root
Source address
ssl-assigned range
Destination
wan1
Destination address
all
Action
accept
NAT enabled
Yes
Protection profile
Recommended
To allow SSL-tunnel users to access a policy-based VPN peer network:
Peer network policy
Source
ssl.root
Source address
ssl-assigned range
SSL VPN virtual interface (ssl.root)
61
Advertisement
Table of Contents
