Configuring SSL VPN settings

Configuring a FortiGate SSL VPN

Idle Timeout

Type the period of time (in seconds) to control how long

 

the connection can remain idle before the system forces

 

the user to log in again. The range is from 10 to 28800

 

seconds. This setting applies to the SSL VPN session.

 

The interface does not time out when web application

 

sessions or tunnels are up. See Setting the idle timeout

 

setting.

Portal Message

If you want to display a custom caption at the top of the

 

web portal home page, type the message. See Adding a

 

custom caption to the web portal home page.

Advanced (DNS and WINS Servers) See Adding WINS and DNS services for clients.

DNS Server #1

DNS Server #2

WINS Server #1

WINS Server #2

Enter up to two DNS Servers to be provided for the use of clients.

Enter up to two WINS Servers to be provided for the use of clients.

When you finish making your selections, select Apply.

Note: The Tunnel IP Range fields are used to configure tunnel-mode access only. If you are configuring web-only mode operation, leave 0.0.0.0 values in the Tunnel IP Range fields. If you are configuring tunnel-mode operation, see “Specifying an IP address range for tunnel-mode clients” on page 38. For information about enabling certificate-based authentication through the Server Certificate and Require Client Certificate options, refer to

the FortiGate Certificate Management User Guide.

Specifying a port number for web portal connections

You can optionally specify a different TCP port number for users to access the web portal login page through the HTTPS link. By default, the port number is 10443 and users can access the web portal login page using the following default URL:

https://<FortiGate_IP_address>:10443/remote

where <FortiGate_IP_address> is the IP address of the FortiGate interface that accepts connections from remote users.

Note: Do not select port number 443 for user access to the web portal login page. Port number 443 is reserved to support administrative connections to the FortiGate unit through the web-based manager.

1Go to System > Admin > Settings.

2In the SSLVPN Login Port field, type an unused port number.

3Select Apply.

Specifying an IP address range for tunnel-mode clients

The Tunnel IP Range fields on the VPN > SSL > Config page enable you to reserve a range of IP addresses for remote SSL VPN clients. After the FortiGate unit authenticates a request for a tunnel-mode connection, the SSL VPN client connects to the FortiGate unit and is assigned an IP address from this range. Afterward, the FortiGate unit uses the assigned address to communicate with the SSL VPN client.

Caution: Take care to prevent overlapping IP addresses. Do not assign IP addresses that ! are already in use on the private network. As a precaution, consider assigning IP

addresses from a network that is not commonly used (for example, 10.254.254.0/24).

 

FortiOS v3.0 MR7 SSL VPN User Guide

36

01-30007-0348-20080718

Page 36
Image 36
Fortinet FORTIOS V3.0 MR7 manual Specifying a port number for web portal connections, Go to System Admin Settings

FORTIOS V3.0 MR7 specifications

Fortinet's FortiOS v3.0 MR7 marks a significant advancement in network security and management, providing organizations with enhanced features, technologies, and characteristics to better protect their IT environments. This version of FortiOS is designed to facilitate comprehensive security and optimized performance, ensuring that organizations can safeguard their networks against evolving threats.

One of the main features in FortiOS v3.0 MR7 is its robust firewall capabilities. The stateful firewall technology enables dynamic packet filtering based on predefined security policies. This strengthens the organization's perimeter defense by allowing or denying traffic based on user-defined rules. Additionally, the integrated Application Control feature extends the firewall's capabilities by identifying and controlling applications regardless of port usage, enabling organizations to enforce security policies on a finer-grained level.

FortiOS v3.0 MR7 also introduces advanced intrusion prevention system (IPS) functionalities. The next-generation IPS utilizes deep packet inspection and real-time threat intelligence to detect and block attacks before they can compromise the network. Coupled with Fortinet’s threat research team, which ensures timely updates of security signatures, this system helps organizations mitigate risks posed by sophisticated cyber threats.

Another key characteristic of FortiOS v3.0 MR7 is its enhanced VPN capabilities. The support for both SSL and IPsec VPN allows secure remote access for employees and offers flexible options for secure communication over the internet. This feature is essential for organizations that embrace remote work, ensuring that sensitive data remains protected regardless of the user's location.

In addition to its powerful security features, FortiOS v3.0 MR7 includes advanced reporting and logging capabilities. Users can generate detailed reports that highlight security events, traffic patterns, and performance metrics. This data not only improves visibility into network security but also assists in compliance with regulatory requirements.

Moreover, the platform's user-friendly interface enhances the overall management experience. Administrators can quickly configure settings, monitor activity, and respond to incidents effectively. With centralized management capabilities, FortiOS v3.0 MR7 allows organizations to manage multiple devices from a single console, simplifying operations and reducing administrative overhead.

In summary, Fortinet's FortiOS v3.0 MR7 integrates a wealth of security features, including a stateful firewall, advanced IPS, VPN support, and comprehensive reporting functions. Together, these technologies ensure that organizations can maintain a strong security posture in an increasingly complex threat landscape.