Fortinet FORTIOS V3.0 MR7 Network Router User Manual

Configuring a FortiGate SSL VPN Configuration overview
FortiOS v3.0 MR7 SSL VPN User Guide
01-30007-0348-20080718 19
Configuration overview
Before you begin, install your choice of HTTP/HTTPS, telnet, SSH, FTP, SMB/CIFS, VNC, and/or RDP server applications on the internal network. As an alternative, these services may be accessed remotely through the Internet. All services must be running. Users must have individual user accounts to access the servers (these user accounts are not related to FortiGate user accounts or FortiGate user groups).
To configure FortiGate SSL VPN technology, you should follow these general steps:
1 Enable SSL VPN connections and set the basic options needed to support SSL VPN configurations. See “Configuring SSL VPN settings” on page 36.
2 To use X.509 security certificates for authentication purposes, load the signed server certificate, CA root certificate, and Certificate Revocation List (CRL) onto the FortiGate unit, and load the personal/group certificates onto the remote clients. For more information, see the FortiGate Certificate Management User Guide.
3 Create one FortiGate user account for each remote client, and assign the users to SSL VPN type user groups. See “Configuring user accounts and SSL VPN user groups” on page 42.
4 Configure the firewall policy and the remaining parameters needed to support the required mode of operation:
    For web-only mode operation, see “Configuring Web-only firewall policies” on page 46.
    For tunnel-mode operation, see “Configuring tunnel-mode firewall policies” on page 48.
5 Define SSL VPN event-logging parameters. See “Configuring SSL VPN event-logging” on page 50.
6 You can also monitor active SSL VPN sessions. See “Monitoring active SSL VPN sessions” on page 51.
Configuring the SSL VPN client
There are several configurations of SSL VPN applications available. The SSL VPN tunnel client application installs a network driver on the client machine that redirects all network traffic through the SSL VPN tunnel; because of this, the driver must be OS-specific.
SSL VPN web mode works on all operating systems and browsers. On Windows platforms, the tunnel-mode client can be downloaded and installed from the browser interface, through an ActiveX control for Internet Explorer or a plug-in for Firefox. If you prefer not to start the tunnel-mode client from a browser, standalone SSL VPN tunnel client applications are available for Windows, Linux, and MacOS (see Tunnel-mode client requirements for the specific versions that are supported). When a system configuration requires more secure disposal of cached data, use the SSL VPN Virtual Desktop (Windows XP only).