|
|
Configuring a FortiGate SSL VPN | SSL VPN virtual interface (ssl.root) |
Go to Firewall > Policy and select Create New to create a firewall policy. For a standard configuration, set up the firewall policies listed below.
Authentication policy |
|
Source | wan1 |
Source address | all |
Destination | internal |
Destination address | internal subnet |
Action | sslvpn |
Authentication | ssl user group(s) |
Inbound access policy | |
Source | ssl.root |
Source address | ip address of remote client |
Destination | internal |
Destination address | internal subnet |
Action | accept |
Authentication | No authentication set |
Outbound policy |
|
Source | internal |
Source address | internal subnet |
Destination | ssl.root |
Destination address | ssl assigned range |
Action | Accept |
Authentication | No authentication set |
Static route |
|
Destination network | |
Destination interface | ssl.root |
To allow ssl users to browse the Internet through the FortiGate unit:
Internet browsing policy
Source | ssl.root |
Source address | |
Destination | wan1 |
Destination address | all |
Action | accept |
NAT enabled | Yes |
Protection profile | Recommended |
To allow
Peer network policy |
|
Source | ssl.root |
Source address |
FortiOS v3.0 MR7 SSL VPN User Guide |
|
61 |