Ssl Vpn Web Portal - Fortinet FortiGate Series Administration Manual

SSL VPN

SSL VPN web portal

FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
Server Certificate
Require Client Certificate If you want to enable the use of group certificates for authenticating
Encryption Key
Algorithm
Default - RC4(128
bits) and higher
High - AES(128/256
bits) and 3DES
Low - RC4(64 bits),
DES and higher
Idle Timeout
Advanced (DNS and WINS Servers)
DNS Server #1
DNS Server #2
WINS Server #1
WINS Server #2
Apply
The SSL VPN Service portal allows you to access network resources through a secure
channel using a web browser. FortiGate administrators can configure log in privileges for
system users and which network resources are available to the users, such as
HTTP/HTTPS, telnet, FTP, SMB/CIFS, VNC, RDP and SSH.
The portal configuration determines what the system user sees when they log in to the
FortiGate. Both the system administrator and the system user have the ability to
customize the SSL VPN portal.
This section describes:
• Default web portal configurations
• Configuring web portal settings
• Configuring the virtual desktop
• Configuring security control
• Configuring web portal layout
• Session Information widget
• Bookmarks widget
• Connection Tool widget
• Tunnel Mode widget
Select the signed server certificate to use for authentication purposes. If
you leave the default setting (Self-Signed), the FortiGate unit offers its
factory installed (self-signed) certificate from Fortinet to remote clients
when they connect.
remote clients, select the check box. Afterward, when the remote client
initiates a connection, the FortiGate unit prompts the client for its client-
side certificate as part of the authentication process.
Select the algorithm for creating a secure SSL connection between the
remote client web browser and the FortiGate unit.
If the web browser on the remote client can match a cipher suite greater
than or equal to 128 bits, select this option.
If the web browser on the remote client can match a high level of SSL
encryption, select this option to enable cipher suites that use more than
128 bits to encrypt data.
If you are not sure which level of SSL encryption the remote client web
browser supports, select this option to enable a cipher suite greater
than or equal to 64 bits.
Type the period of time (in seconds) to control how long the connection
can remain idle before the system forces the user to log in again. The
range is from 10 to 28800 seconds. You can also set the value to 0 to
have no idle connection timeout. This setting applies to the SSL VPN
session. The interface does not time out when web application sessions
or tunnels are up.
Enter up to two DNS Servers to be provided for the use of clients.
Enter up to two WINS Servers to be provided for the use of clients.
Select to save and apply settings.
SSL VPN web portal
635