Fortinet FORTIOS V3.0 MR7 Network Router User Manual


 
FortiOS v3.0 MR7 SSL VPN User Guide
01-30007-0348-20080718
Introduction
This section introduces you to FortiGate™ Secure Sockets Layer (SSL) VPN
technology and provides supplementary information about Fortinet™ publications.
The following topics are included in this section:
• About FortiGate SSL VPN
• About this document
• FortiGate documentation
• Related documentation
• Customer service and technical support
About FortiGate SSL VPN
FortiGate SSL VPN technology makes it safe to do business over the Internet. In
addition to encrypting and securing information sent from a web browser to a web
server, FortiGate SSL VPN can be used to encrypt most Internet-based traffic.
With the FortiGate unit’s built-in SSL VPN capabilities, small home offices,
medium-sized businesses, enterprises, and service providers can ensure the
confidentiality and integrity of data transmitted over the Internet. The FortiGate
unit provides enhanced authentication and restricted access to company network
resources and services.
The two modes of SSL VPN operation, supported in NAT/Route mode only, are:
• web-only mode, for thin remote clients equipped with a web browser only
• tunnel mode, for remote computers that run a variety of client and server
  applications
When the FortiGate unit provides services in web-only mode, a secure web
connection between the remote client and the FortiGate unit is established using
the SSL VPN security in the FortiGate unit and the SSL security in the web
browser. After the connection has been established, the FortiGate unit provides
access to selected services and network resources through a web portal.
Where users have complete administrative rights over their computers and use a
variety of applications, tunnel mode allows remote clients to access the local
internal network as if they were connected to the network directly. In tunnel mode,
a secure SSL connection is established initially for the FortiGate unit to download
SSL VPN client software (an ActiveX plugin) to the web browser. After the user
installs the SSL VPN client software, they can initiate a VPN tunnel with the
FortiGate unit whenever the SSL connection is open.
When the SSL VPN feature is used, all client traffic is encrypted and sent to the
SSL VPN. This includes both traffic intended for the private network and Internet
traffic that is normally sent unencrypted. When split tunneling is enabled, only the
traffic for the private network is sent to the SSL VPN gateway, and Internet traffic is
sent through the usual unencrypted route. This conserves bandwidth and alleviates
bottlenecks. The split tunneling feature is not enabled by default.
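
The routing difference between the default behavior and split tunneling can be checked from a client's routing table. The following is an added example, not part of the Fortinet guide: it applies longest-prefix matching to two constructed routing tables and reports which destinations leave the client outside the tunnel. The interface names (ssl0, eth0), prefixes and addresses are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample routing tables as (prefix, interface) pairs.
# "ssl0" is a hypothetical name for the SSL VPN tunnel adapter and
# "eth0" for the client's ordinary network interface.
FULL_TUNNEL = [("0.0.0.0/0", "ssl0")]
SPLIT_TUNNEL = [("0.0.0.0/0", "eth0"), ("10.10.0.0/16", "ssl0")]

# Constructed destinations: one host on the private network behind the
# gateway and one Internet host (documentation address range).
DESTS = ["10.10.5.20", "203.0.113.10"]


def egress(routes, dst):
    """Return the interface a packet to dst leaves on (longest-prefix match).

    Returns None when no route covers the destination.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, ifname in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None


def bypassing(routes, dests, vpn_if="ssl0"):
    """List the destinations that are not routed through the VPN interface."""
    return [d for d in dests if egress(routes, d) != vpn_if]


if __name__ == "__main__":
    for name, table in (("full tunnel", FULL_TUNNEL),
                        ("split tunnel", SPLIT_TUNNEL)):
        print(name, "-> outside the tunnel:", bypassing(table, DESTS))
```

Destinations listed as outside the tunnel reach the Internet directly and do not pass through the FortiGate unit.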