Manuals / Fortinet / Computer Equipment / Network Router

Fortinet FORTIOS V3.0 MR7 manual Specifying a port number for web portal connections

Models: FORTIOS V3.0 MR7

1 90
Download 90 pages 52.23 Kb
Page 36
Image 36

Configuring SSL VPN settings

Configuring a FortiGate SSL VPN

Idle Timeout

Type the period of time (in seconds) to control how long

 

the connection can remain idle before the system forces

 

the user to log in again. The range is from 10 to 28800

 

seconds. This setting applies to the SSL VPN session.

 

The interface does not time out when web application

 

sessions or tunnels are up. See Setting the idle timeout

 

setting.

Portal Message

If you want to display a custom caption at the top of the

 

web portal home page, type the message. See Adding a

 

custom caption to the web portal home page.

Advanced (DNS and WINS Servers) See Adding WINS and DNS services for clients.

DNS Server #1

DNS Server #2

WINS Server #1

WINS Server #2

Enter up to two DNS Servers to be provided for the use of clients.

Enter up to two WINS Servers to be provided for the use of clients.

When you finish making your selections, select Apply.

Note: The Tunnel IP Range fields are used to configure tunnel-mode access only. If you are configuring web-only mode operation, leave 0.0.0.0 values in the Tunnel IP Range fields. If you are configuring tunnel-mode operation, see “Specifying an IP address range for tunnel-mode clients” on page 38. For information about enabling certificate-based authentication through the Server Certificate and Require Client Certificate options, refer to

the FortiGate Certificate Management User Guide.

Specifying a port number for web portal connections

You can optionally specify a different TCP port number for users to access the web portal login page through the HTTPS link. By default, the port number is 10443 and users can access the web portal login page using the following default URL:

https://<FortiGate_IP_address>:10443/remote

where <FortiGate_IP_address> is the IP address of the FortiGate interface that accepts connections from remote users.

Note: Do not select port number 443 for user access to the web portal login page. Port number 443 is reserved to support administrative connections to the FortiGate unit through the web-based manager.

1Go to System > Admin > Settings.

2In the SSLVPN Login Port field, type an unused port number.

3Select Apply.

Specifying an IP address range for tunnel-mode clients

The Tunnel IP Range fields on the VPN > SSL > Config page enable you to reserve a range of IP addresses for remote SSL VPN clients. After the FortiGate unit authenticates a request for a tunnel-mode connection, the SSL VPN client connects to the FortiGate unit and is assigned an IP address from this range. Afterward, the FortiGate unit uses the assigned address to communicate with the SSL VPN client.

Caution: Take care to prevent overlapping IP addresses. Do not assign IP addresses that ! are already in use on the private network. As a precaution, consider assigning IP

addresses from a network that is not commonly used (for example, 10.254.254.0/24).

 

FortiOS v3.0 MR7 SSL VPN User Guide

36

01-30007-0348-20080718

Page 35 Page 37
Page 36
Image 36
Fortinet FORTIOS V3.0 MR7 manual Specifying a port number for web portal connections, Go to System Admin Settings
Page 35 Page 37