Fortinet FORTIOS V3.0 MR7 manual Index

Page 85

Index

Index

A

ActiveX plugin downloading 81 uninstalling 83

applications, web-portal 68 authentication timeout setting 40

B

bookmarks user-defined 69

C

certificates

allow group certificate 47 self signed 65

X.509 20

cifs session, establishing 73 cipher suite, SSL negotiations 39 client

Linux 28

MacOS 32 standalone 24 uninstalling Linux 32 uninstalling MacOS 35 uninstalling Windows 27 using Linux 31

using MacOS 34 using Windows 27 Windows 25

client requirements tunnel mode 18 web-only mode 16

comments, documentation 12 configuration, general steps 20 configuring

SSL VPN client 20 connecting

to ftp server 72

to secure HTTP gateway 65 to telnet server 71, 78, 80 to web portal 66

to web server 24, 70, 80 to web-based manager 36

connections

defining bookmarks to 69 enabling SSL VPN 36

connectivity, testing for 24, 80 customer service 12

D

deployment topology 19

FortiOS v3.0 MR7 SSL VPN User Guide

documentation commenting on 12 Fortinet 9

downloading Linux client 28 MacOS client 32 Windows client 25

E

establishing cifs session 73 establishing ftp session 72 establishing rdp session 76 establishing smb session 73 establishing vnc session 75

F

firewall policy tunnel-mode access 48 web-only mode access 46

FortiGate documentation commenting on 12

Fortinet customer service 12 Fortinet documentation 9 Fortinet Knowledge Center 11 Fortinet SSL VPN Client area 80, 82 ftp server, connecting to 72

ftp session, establishing 72

H

home page, web portal features 66 host check

OS 56

host OS

patch check 56

I

idle timeout setting 40 infrastructure requirements 19

overall 19 tunnel-mode clients 18 web-only mode clients 16

introduction deployment topology 18

FortiGate SSL VPN technology 7 Fortinet documentation 9 general configuration steps 20 tunnel mode 7

web-only mode 7

IP address range, tunnel mode 38 IPSec VPN

comparison to SSL 13

01-30007-0348-20080718

85

Image 85
Contents E R G U I D E Trademarks FortiGate v3.0 MR7 SSL VPN User GuideContents Working with the web portal Configuring SSL VPN settingsSSL VPN host OS patch check Starting a session from the Tools areaIndex Tunnel-mode featuresLogging out Page About FortiGate SSL VPN IntroductionDocument conventions About this documentTypographic conventions FortiGate documentationFortiManager documentation Related documentationFortiMail documentation FortiClient documentationFortiAnalyzer documentation Fortinet Tools and Documentation CDComments on Fortinet technical documentation Customer service and technical supportComparison of SSL and IPSec VPN technology Configuring a FortiGate SSL VPNAuthentication differences Legacy versus web-enabled applicationsAccess control Connectivity considerationsSSL VPN modes of operation Web-only modeSession failover support Tunnel mode Web-only mode client requirementsTunnel-mode client requirements TopologyInfrastructure requirements Example SSL VPN configurationConfiguring the SSL VPN client Configuration overviewSSL VPN Virtual Desktop application Using the SSL VPN Virtual DesktopTo download and run the SSL VPN Virtual Desktop application Configuring the SSL VPN client To download the SSL VPN Virtual Desktop, select To connect to a web server from the Tools area Using the SSL VPN standalone tunnel clientsTo ping a host or server behind the FortiGate unit Firmware Images selection on Fortinet customer support site To download the SSL VPN standalone tunnel client WindowsFortiClientSSLVPNSetup3.0.384.exe or Save user name and password , and Keep connection alive PasswordServer Address UsernameTo download the SSL VPN standalone tunnel client Linux Configuring the SSL VPN client Configuring a FortiGate SSL VPN Advanced settings User Enter your user name PasswordTo use the SSL VPN standalone tunnel client Linux ServerTo download the SSL VPN standalone tunnel client MacOS To uninstall the SSL VPN standalone tunnel client LinuxUse Client File Path Configuring the SSL VPN client To use the SSL VPN standalone tunnel client MacOS To uninstall the SSL VPN standalone tunnel client MacOSEnabling SSL VPN connections and editing SSL VPN settings Configuring SSL VPN settingsSee Specifying the cipher suite for SSL negotiations Specifying a port number for web portal connections Go to System Admin SettingsSpecifying an IP address range for tunnel-mode clients Specifying the cipher suite for SSL negotiations Setting the idle timeout settingAdding Wins and DNS services for clients Setting the client authentication timeout settingTo add a custom caption Go to VPN SSL Config Adding a custom caption to the web portal homeCustomizing the web portal login Configuring user accounts and SSL VPN user groupsTo create a user account in the Local domain DisableUser Name To create a user group Configuring user accounts and SSL VPN user groups Configuring firewall policies Configuring Web-only firewall policies Configuring firewall addressesTo specify the destination IP address To define the firewall policy for web-only mode connections To specify the source IP address Configuring tunnel-mode firewall policiesTo define the firewall policy for tunnel-mode operations Subnet2User Authentication Configuring SSL VPN event-loggingAvailable Groups Monitoring active SSL VPN sessions To view SSL VPN event logs Go to Log&Report Log AccessViewing the SSL VPN bookmark list Configuring SSL VPN bookmarks and bookmark groupsDelete See alsoCreate New Bookmark Configuring SSL VPN bookmarksViewing the SSL VPN Bookmark Groups list Configuring SSL VPN bookmark groupsAssigning SSL VPN bookmark groups to SSL VPN users SSL VPN host OS patch check Configuration ExampleVariable DescriptionSSL VPN configuration for unique access permissions Enable SSL-VPN Settings Group1 user group attributes Source/destination firewall addresses Public IP To view the SSL VPN policies, go to Firewall Policy Firewall policy list SSL VPN virtual interface ssl.rootPeer network policy Source Ssl.root Source address Internet browsing policy Source Ssl.root Source addressSSL VPN dropping connections SSL VPN dropping connections SSL VPN dropping connections To log in to the FortiGate secure Http gateway Connecting to the FortiGate unitWeb portal home page features FortiGate SSL VPN Remote Access Web Portal URL re-writing Launching web portal applicationsAdd Bookmark Adding a bookmark to the My Bookmarks listBookmark DetailsHost Name/IP, or Shared File Folder Title10.10.10.10 To add a telnet connection and start a telnet sessionTo add an FTP connection and start an FTP session To add a SMB/CIFS connection and start a SMB session Launching web portal applications To add a VNC connection and start a VNC session To add a RDP connection and start a RDP session Working with the web portal 192.168.1.3 To add a SSH connection and start a SSH sessionSee also Starting a session from the Tools area Tunnel-mode featuresTo start a telnet session from the Tools area Working with the ActiveX/Java Platform plug-in To initiate a VPN tunnel with the FortiGate unit To download and install the ActiveX/Java Platform pluginTo uninstall the ActiveX/Java Platform plugin Uninstalling the ActiveX/Java Platform pluginLogging out Logging out Index URL Index Page

FORTIOS V3.0 MR7 specifications

Fortinet's FortiOS v3.0 MR7 marks a significant advancement in network security and management, providing organizations with enhanced features, technologies, and characteristics to better protect their IT environments. This version of FortiOS is designed to facilitate comprehensive security and optimized performance, ensuring that organizations can safeguard their networks against evolving threats.

One of the main features in FortiOS v3.0 MR7 is its robust firewall capabilities. The stateful firewall technology enables dynamic packet filtering based on predefined security policies. This strengthens the organization's perimeter defense by allowing or denying traffic based on user-defined rules. Additionally, the integrated Application Control feature extends the firewall's capabilities by identifying and controlling applications regardless of port usage, enabling organizations to enforce security policies on a finer-grained level.

FortiOS v3.0 MR7 also introduces advanced intrusion prevention system (IPS) functionalities. The next-generation IPS utilizes deep packet inspection and real-time threat intelligence to detect and block attacks before they can compromise the network. Coupled with Fortinet’s threat research team, which ensures timely updates of security signatures, this system helps organizations mitigate risks posed by sophisticated cyber threats.

Another key characteristic of FortiOS v3.0 MR7 is its enhanced VPN capabilities. The support for both SSL and IPsec VPN allows secure remote access for employees and offers flexible options for secure communication over the internet. This feature is essential for organizations that embrace remote work, ensuring that sensitive data remains protected regardless of the user's location.

In addition to its powerful security features, FortiOS v3.0 MR7 includes advanced reporting and logging capabilities. Users can generate detailed reports that highlight security events, traffic patterns, and performance metrics. This data not only improves visibility into network security but also assists in compliance with regulatory requirements.

Moreover, the platform's user-friendly interface enhances the overall management experience. Administrators can quickly configure settings, monitor activity, and respond to incidents effectively. With centralized management capabilities, FortiOS v3.0 MR7 allows organizations to manage multiple devices from a single console, simplifying operations and reducing administrative overhead.

In summary, Fortinet's FortiOS v3.0 MR7 integrates a wealth of security features, including a stateful firewall, advanced IPS, VPN support, and comprehensive reporting functions. Together, these technologies ensure that organizations can maintain a strong security posture in an increasingly complex threat landscape.