Fortinet FORTIOS V3.0 MR7 manual Setting the client authentication timeout setting

Page 38

Configuring SSL VPN settings

Configuring a FortiGate SSL VPN

Setting the client authentication timeout setting

The client authentication timeout setting controls how long an authenticated connection will remain connected. When this time expires, the system forces the remote client to authenticate again.

Note: The default value is 1500 seconds. You can only modify this timeout value in the CLI.

For example, to change the authentication timeout to 1800 seconds, enter the following commands:

config vpn ssl settings set auth-timeout 1800 end

Adding a custom caption to the web portal home page

You can add a custom caption (maximum 31 characters) to the top of the web portal home page.

To add a custom caption

1Go to VPN > SSL > Config.

2In the Portal Message field, type the caption.

3Select Apply.

Adding WINS and DNS services for clients

You can specify the WINS or DNS servers that are made available to SSL-VPN clients.

1Go to VPN > SSL > Config.

2Select the blue triangle to open the Advanced section.

3Enter the IP addresses of one or two DNS Servers to be provided for the use of clients.

4Enter the IP addresses of one or two WINS Servers to be provided for the use of clients.

Redirecting a user group to a popup window

The FortiGate unit redirects web browsers to the web portal home page after the remote client has been authenticated and the user has logged in successfully.

As an option, you can have the FortiGate unit display a second HTML page in a popup window when the client web browser is redirected to the web portal home page. To support this feature, the level of security settings associated with the Internet zone in the web browser must be set to permit popup windows.

The following procedure assumes that SSL VPN user groups have been defined (see “Configuring user accounts and SSL VPN user groups” on page 42). A different popup window can be specified per user group.

To display a custom popup window for a user group

1 Go to User > User Group.

 

FortiOS v3.0 MR7 SSL VPN User Guide

38

01-30007-0348-20080718

Image 38
Contents E R G U I D E FortiGate v3.0 MR7 SSL VPN User Guide TrademarksContents SSL VPN host OS patch check Configuring SSL VPN settingsWorking with the web portal Starting a session from the Tools areaLogging out Tunnel-mode featuresIndex Page Introduction About FortiGate SSL VPNAbout this document Document conventionsFortiGate documentation Typographic conventionsRelated documentation FortiManager documentationFortiAnalyzer documentation FortiClient documentationFortiMail documentation Fortinet Tools and Documentation CDCustomer service and technical support Comments on Fortinet technical documentationConfiguring a FortiGate SSL VPN Comparison of SSL and IPSec VPN technologyAccess control Legacy versus web-enabled applicationsAuthentication differences Connectivity considerationsSession failover support Web-only modeSSL VPN modes of operation Web-only mode client requirements Tunnel modeTopology Tunnel-mode client requirementsExample SSL VPN configuration Infrastructure requirementsConfiguration overview Configuring the SSL VPN clientTo download and run the SSL VPN Virtual Desktop application Using the SSL VPN Virtual DesktopSSL VPN Virtual Desktop application Configuring the SSL VPN client To download the SSL VPN Virtual Desktop, select To ping a host or server behind the FortiGate unit Using the SSL VPN standalone tunnel clientsTo connect to a web server from the Tools area To download the SSL VPN standalone tunnel client Windows Firmware Images selection on Fortinet customer support siteFortiClientSSLVPNSetup3.0.384.exe or Server Address PasswordSave user name and password , and Keep connection alive UsernameTo download the SSL VPN standalone tunnel client Linux Configuring the SSL VPN client Configuring a FortiGate SSL VPN To use the SSL VPN standalone tunnel client Linux User Enter your user name PasswordAdvanced settings ServerUse Client File Path To uninstall the SSL VPN standalone tunnel client LinuxTo download the SSL VPN standalone tunnel client MacOS Configuring the SSL VPN client To uninstall the SSL VPN standalone tunnel client MacOS To use the SSL VPN standalone tunnel client MacOSConfiguring SSL VPN settings Enabling SSL VPN connections and editing SSL VPN settingsSee Specifying the cipher suite for SSL negotiations Specifying an IP address range for tunnel-mode clients Go to System Admin SettingsSpecifying a port number for web portal connections Setting the idle timeout setting Specifying the cipher suite for SSL negotiationsTo add a custom caption Go to VPN SSL Config Setting the client authentication timeout settingAdding Wins and DNS services for clients Adding a custom caption to the web portal homeConfiguring user accounts and SSL VPN user groups Customizing the web portal loginUser Name DisableTo create a user account in the Local domain To create a user group Configuring user accounts and SSL VPN user groups Configuring firewall policies To specify the destination IP address Configuring firewall addressesConfiguring Web-only firewall policies To define the firewall policy for web-only mode connections Configuring tunnel-mode firewall policies To specify the source IP addressSubnet2 To define the firewall policy for tunnel-mode operationsAvailable Groups Configuring SSL VPN event-loggingUser Authentication To view SSL VPN event logs Go to Log&Report Log Access Monitoring active SSL VPN sessionsDelete Configuring SSL VPN bookmarks and bookmark groupsViewing the SSL VPN bookmark list See alsoConfiguring SSL VPN bookmarks Create New BookmarkConfiguring SSL VPN bookmark groups Viewing the SSL VPN Bookmark Groups listAssigning SSL VPN bookmark groups to SSL VPN users Variable Configuration ExampleSSL VPN host OS patch check DescriptionSSL VPN configuration for unique access permissions Enable SSL-VPN Settings Group1 user group attributes Source/destination firewall addresses Public IP To view the SSL VPN policies, go to Firewall Policy SSL VPN virtual interface ssl.root Firewall policy listInternet browsing policy Source Ssl.root Source address Peer network policy Source Ssl.root Source addressSSL VPN dropping connections SSL VPN dropping connections SSL VPN dropping connections Connecting to the FortiGate unit To log in to the FortiGate secure Http gatewayWeb portal home page features FortiGate SSL VPN Remote Access Web Portal Launching web portal applications URL re-writingBookmark Adding a bookmark to the My Bookmarks listAdd Bookmark DetailsTitle Host Name/IP, or Shared File FolderTo add a telnet connection and start a telnet session 10.10.10.10To add an FTP connection and start an FTP session To add a SMB/CIFS connection and start a SMB session Launching web portal applications To add a VNC connection and start a VNC session To add a RDP connection and start a RDP session Working with the web portal To add a SSH connection and start a SSH session 192.168.1.3See also To start a telnet session from the Tools area Tunnel-mode featuresStarting a session from the Tools area Working with the ActiveX/Java Platform plug-in To download and install the ActiveX/Java Platform plugin To initiate a VPN tunnel with the FortiGate unitLogging out Uninstalling the ActiveX/Java Platform pluginTo uninstall the ActiveX/Java Platform plugin Logging out Index URL Index Page

FORTIOS V3.0 MR7 specifications

Fortinet's FortiOS v3.0 MR7 marks a significant advancement in network security and management, providing organizations with enhanced features, technologies, and characteristics to better protect their IT environments. This version of FortiOS is designed to facilitate comprehensive security and optimized performance, ensuring that organizations can safeguard their networks against evolving threats.

One of the main features in FortiOS v3.0 MR7 is its robust firewall capabilities. The stateful firewall technology enables dynamic packet filtering based on predefined security policies. This strengthens the organization's perimeter defense by allowing or denying traffic based on user-defined rules. Additionally, the integrated Application Control feature extends the firewall's capabilities by identifying and controlling applications regardless of port usage, enabling organizations to enforce security policies on a finer-grained level.

FortiOS v3.0 MR7 also introduces advanced intrusion prevention system (IPS) functionalities. The next-generation IPS utilizes deep packet inspection and real-time threat intelligence to detect and block attacks before they can compromise the network. Coupled with Fortinet’s threat research team, which ensures timely updates of security signatures, this system helps organizations mitigate risks posed by sophisticated cyber threats.

Another key characteristic of FortiOS v3.0 MR7 is its enhanced VPN capabilities. The support for both SSL and IPsec VPN allows secure remote access for employees and offers flexible options for secure communication over the internet. This feature is essential for organizations that embrace remote work, ensuring that sensitive data remains protected regardless of the user's location.

In addition to its powerful security features, FortiOS v3.0 MR7 includes advanced reporting and logging capabilities. Users can generate detailed reports that highlight security events, traffic patterns, and performance metrics. This data not only improves visibility into network security but also assists in compliance with regulatory requirements.

Moreover, the platform's user-friendly interface enhances the overall management experience. Administrators can quickly configure settings, monitor activity, and respond to incidents effectively. With centralized management capabilities, FortiOS v3.0 MR7 allows organizations to manage multiple devices from a single console, simplifying operations and reducing administrative overhead.

In summary, Fortinet's FortiOS v3.0 MR7 integrates a wealth of security features, including a stateful firewall, advanced IPS, VPN support, and comprehensive reporting functions. Together, these technologies ensure that organizations can maintain a strong security posture in an increasingly complex threat landscape.