FortiGate SSL VPN How To
William Lee CISA
May 9, 2010
The article aims to show an easier way to set up SSL VPN with a FortiGate UTM appliance. The equipment
used was a FortiGate 100A with FortiOS 4.0 MR2.
The author started with a box on which a factory reset had been completed (factoryreset from the CLI).
Please be reminded that if you do this, all the configurations on the box will be erased. Afterwards, have
the IP address of your administrative PC set to 192.168.1.100/24 and point to https://192.168.1.99 from
your favorite browser.
Next, you will see a login prompt. The look and feel of FortiOS 4.0 MR2 is completely different from the
previous versions.
Figure 3 Dashboard
Once you get here, configure the basic settings such as time zone, clock, interface IP addresses, dynamic DNS, etc.
Configuration Steps
The configuration involves the following high-level tasks, namely:
1.
2.
3.
4.
5.
6.
7.
8.
9.
2. Set up user group(s) that allow SSL VPN access and include intended users
Web-based manager: User > User Group > User Group
7. Create Firewall Policy to allow SSL VPN and/or tunnel mode access
A number of firewall policies are required to be implemented.
internal > wan1 (accept) aims at
ssl.root > internal (SSL-VPN) aims at
ssl.root > internal (accept) aims at
ssl.root > wan1 (accept) aims at
wan1 > internal (SSL-VPN) aims at
wan1 > ssl.root (SSL-VPN) aims at
wan1 > wan1 (SSL-VPN) aims at
Web-based manager: Firewall > Policy > Policy > Create New
Comments: First General Release (GR) of this document
Created/Changed By: William Lee