Configuration overview


Configuring a FortiGate SSL VPN	Configuration overview

Before you begin, install your choice of HTTP/HTTPS, telnet, SSH, FTP, SMB/CIFS, VNC, and/or RDP server applications on the internal network. As an alternative, these services may be accessed remotely through the Internet. All services must be running. Users must have individual user accounts to access the servers (these user accounts are not related to FortiGate user accounts or FortiGate user groups).

To configure FortiGate SSL VPN technology, you should follow these general steps:

1Enable SSL VPN connections and set the basic options needed to support SSL VPN configurations. See “Configuring SSL VPN settings” on page 36.

2To use X.509 security certificates for authentication purposes, load the signed server certificate, CA root certificate, and Certificate Revocation List (CRL) onto the FortiGate unit, and load the personal/group certificates onto the remote clients. For more information, see the FortiGate Certificate Management User Guide.

3Create one FortiGate user account for each remote client, and assign the users to SSL VPN type user groups. See “Configuring user accounts and SSL VPN user groups” on page 42.

4Configure the firewall policy and the remaining parameters needed to support the required mode of operation:

•For web-only mode operation, see “Configuring Web-only firewall policies” on page 46.

•For tunnel-mode operation, see “Configuring tunnel-mode firewall policies” on page 48.

5Define SSL VPN event-logging parameters. See “Configuring SSL VPN event- logging” on page 50.

6You can also monitor active SSL VPN sessions. See “Monitoring active SSL VPN sessions” on page 51.

Configuring the SSL VPN client

There are several configurations of SSL VPN applications available. The SSL VPN tunnel client application installs a network driver on the client machine that redirects all network traffic through the SSL VPN tunnel (it is necessary for the driver to be OS-specific).

SSL VPN web-mode works on all OSs and browsers. The tunnel mode client can be downloaded and installed from the browser interface on Windows platforms through ActiveX for IE, or Firefox plug-ins. If you prefer not to initiate the tunnel mode client function using a browser, standalone SSL VPN tunnel client applications are available for Windows, Linux, and MacOS (see Tunnel-mode client requirements for the specific versions that are supported). When a system configuration must involve more secure disposal of cached data, the SSL VPN Virtual Desktop should be used. (Windows XP only).

FortiOS v3.0 MR7 SSL VPN User Guide
01-30007-0348-20080718	19

FORTIOS V3.0 MR7 specifications

Fortinet's FortiOS v3.0 MR7 marks a significant advancement in network security and management, providing organizations with enhanced features, technologies, and characteristics to better protect their IT environments. This version of FortiOS is designed to facilitate comprehensive security and optimized performance, ensuring that organizations can safeguard their networks against evolving threats.

One of the main features in FortiOS v3.0 MR7 is its robust firewall capabilities. The stateful firewall technology enables dynamic packet filtering based on predefined security policies. This strengthens the organization's perimeter defense by allowing or denying traffic based on user-defined rules. Additionally, the integrated Application Control feature extends the firewall's capabilities by identifying and controlling applications regardless of port usage, enabling organizations to enforce security policies on a finer-grained level.

FortiOS v3.0 MR7 also introduces advanced intrusion prevention system (IPS) functionalities. The next-generation IPS utilizes deep packet inspection and real-time threat intelligence to detect and block attacks before they can compromise the network. Coupled with Fortinet’s threat research team, which ensures timely updates of security signatures, this system helps organizations mitigate risks posed by sophisticated cyber threats.

Another key characteristic of FortiOS v3.0 MR7 is its enhanced VPN capabilities. The support for both SSL and IPsec VPN allows secure remote access for employees and offers flexible options for secure communication over the internet. This feature is essential for organizations that embrace remote work, ensuring that sensitive data remains protected regardless of the user's location.

In addition to its powerful security features, FortiOS v3.0 MR7 includes advanced reporting and logging capabilities. Users can generate detailed reports that highlight security events, traffic patterns, and performance metrics. This data not only improves visibility into network security but also assists in compliance with regulatory requirements.

Moreover, the platform's user-friendly interface enhances the overall management experience. Administrators can quickly configure settings, monitor activity, and respond to incidents effectively. With centralized management capabilities, FortiOS v3.0 MR7 allows organizations to manage multiple devices from a single console, simplifying operations and reducing administrative overhead.

In summary, Fortinet's FortiOS v3.0 MR7 integrates a wealth of security features, including a stateful firewall, advanced IPS, VPN support, and comprehensive reporting functions. Together, these technologies ensure that organizations can maintain a strong security posture in an increasingly complex threat landscape.

Fortinet FORTIOS V3.0 MR7 manual Configuration overview, Configuring the SSL VPN client

Models: FORTIOS V3.0 MR7