Configuring SSL VPN Identity-Based Firewall Policies - Fortinet FortiGate Series Administration Manual


Firewall Policy

Configuring firewall policies

Inbound NAT
Select to translate the source IP addresses of inbound decrypted packets into the IP address of the FortiGate interface to the local private network.

Outbound NAT
Select only in combination with a natip CLI value to translate the source addresses of outbound cleartext packets into the IP address that you specify. When a natip value is specified, the source addresses of outbound IP packets are replaced before the packets are sent through the tunnel. For more information, see the "firewall" chapter of the FortiGate CLI Reference.

Note: For a route-based (interface mode) VPN, you do not configure an IPSec firewall policy. Instead, you configure two regular ACCEPT firewall policies, one for each direction of communication, with the IPSec virtual interface as the source or destination interface as appropriate.

For more information, see the "Defining firewall policies" chapter of the FortiGate IPSec VPN User Guide.

Configuring SSL VPN identity-based firewall policies

For network users to use SSL-VPN identity-based policies, you must configure users, add them to user groups, and then configure the policy.

To create an identity-based firewall policy (SSL-VPN), go to Firewall > Policy > Policy and select Create New and enter the information in the following table. Select Action > SSL VPN.

Note: The SSL-VPN option is only available from the Action list after you have added SSL VPN user groups. To add SSL VPN user groups, see "SSL VPN user groups" on page 668.

For more information, see "Configuring firewall policies" on page 391.

Figure 213: Configuring a new SSL VPN firewall policy

FortiGate Version 4.0 MR1 Administration Guide, page 400
01-410-89802-20090903
http://docs.fortinet.com/
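
The Outbound NAT description and the route-based VPN note above translate into two checks that can be run against an exported policy table. The following Python sketch is an added example, not part of the Fortinet guide; it assumes the FortiOS CLI keywords srcintf, dstintf, action and natoutbound alongside the natip value named above, and the interface names and sample configuration are constructed.

```python
# Constructed FortiOS-style policy table (not from the guide). "vpn1" stands in
# for a route-based IPSec virtual interface; policy 3 is a policy-based tunnel.
SAMPLE = """
config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "vpn1"
        set action accept
    next
    edit 3
        set srcintf "internal"
        set dstintf "wan1"
        set action ipsec
        set natoutbound enable
    next
end
"""

def parse_policies(text):
    """Return {policy_id: {keyword: value}} for the top-level policy entries."""
    policies, current, depth = {}, None, 0
    for line in text.splitlines():
        w = line.split(None, 2) or [""]
        if w[0] == "config":
            depth += 1
        elif w[0] == "end":
            depth -= 1
        elif depth != 1:
            continue  # ignore sub-tables nested inside a policy entry
        elif w[0] == "edit":
            current = policies.setdefault(w[1], {})
        elif w[0] == "next":
            current = None
        elif w[0] == "set" and current is not None and len(w) == 3:
            current[w[1]] = w[2].strip('"')
    return policies

def audit(text, ipsec_ifaces):
    """List policies that break the Outbound NAT rule or the two-direction rule."""
    pol, findings = parse_policies(text), []
    accept = {(p.get("srcintf", ""), p.get("dstintf", ""))
              for p in pol.values() if p.get("action") == "accept"}
    for a, b in sorted(accept):
        if (a in ipsec_ifaces or b in ipsec_ifaces) and (b, a) not in accept:
            findings.append(f"no ACCEPT policy {b} -> {a} to pair with {a} -> {b}")
    for pid, p in sorted(pol.items()):
        if p.get("action") == "ipsec" and p.get("natoutbound") == "enable" and "natip" not in p:
            findings.append(f"policy {pid}: Outbound NAT enabled without a natip value")
    return findings
```

Calling audit(SAMPLE, ["vpn1"]) reports the missing return-direction policy for vpn1 and the Outbound NAT setting on policy 3 that has no natip value.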