|
|
Configuring a FortiGate SSL VPN | Configuration overview |
Configuration overview
Before you begin, install your choice of HTTP/HTTPS, telnet, SSH, FTP, SMB/CIFS, VNC, and/or RDP server applications on the internal network. As an alternative, these services may be accessed remotely through the Internet. All services must be running. Users must have individual user accounts to access the servers (these user accounts are not related to FortiGate user accounts or FortiGate user groups).
To configure FortiGate SSL VPN technology, you should follow these general steps:
1Enable SSL VPN connections and set the basic options needed to support SSL VPN configurations. See “Configuring SSL VPN settings” on page 36.
2To use X.509 security certificates for authentication purposes, load the signed server certificate, CA root certificate, and Certificate Revocation List (CRL) onto the FortiGate unit, and load the personal/group certificates onto the remote clients. For more information, see the FortiGate Certificate Management User Guide.
3Create one FortiGate user account for each remote client, and assign the users to SSL VPN type user groups. See “Configuring user accounts and SSL VPN user groups” on page 42.
4Configure the firewall policy and the remaining parameters needed to support the required mode of operation:
•For
•For
5Define SSL VPN
6You can also monitor active SSL VPN sessions. See “Monitoring active SSL VPN sessions” on page 51.
Configuring the SSL VPN client
There are several configurations of SSL VPN applications available. The SSL VPN tunnel client application installs a network driver on the client machine that redirects all network traffic through the SSL VPN tunnel (it is necessary for the driver to be
SSL VPN
FortiOS v3.0 MR7 SSL VPN User Guide |
|
19 |