Configuring a FortiGate SSL VPN

Configuring firewall policies

3From the Type list, select Subnet/IP Range.

4In the Subnet/IP Range field, type the corresponding IP address and subnet mask (for example, 172.16.10.0/24). If the remote client’s IP address is unknown, the Subnet/IP Range should be “all”, with 0.0.0.0/0.0.0.0 as the address used.

Note: To provide access to a single host or server, you would type an IP address like 172.16.10.2/32. To provide access to two servers having contiguous IP addresses, you would type an IP address range like 172.16.10.[4-5].

5In the Interface field, select the interface to the internal (private) network.

6Select OK.

To specify the destination IP address

1Go to Firewall > Address and select Create New.

2In the Address Name field, type a name that represents the local network, server(s), or host(s) to which IP packets may be delivered (for example,

Subnet_2).

3In the Subnet/IP Range field, type the corresponding IP address (for example, 192.168.22.0/24 for a subnet, or 192.168.22.2/32 for a server or host), or IP address range (192.168.22.[10-25]).

4In the Interface field, select the interface to the external (public) network.

5Select OK.

To define the firewall policy for tunnel-mode operations

1Go to Firewall > Policy and select Create New.

2Enter these settings:

Source

Interface/Zone

 

Select the FortiGate interface that accepts connections from

 

remote users (for example, external).

 

Address Name

 

Select the name that corresponds to the IP address of the remote

 

user.

Destination

Interface/Zone

 

Select the FortiGate interface to the local private network (for

 

example, internal).

 

Address Name

 

Select the IP destination address that you defined previously for

 

the host(s), server(s), or network behind the FortiGate unit (for

 

example, Subnet_2).

Service

Select ANY.

Action

Select SSL-VPN.

SSL Client Certificate Select to allow traffic generated by holders of a (shared) group

Restrictive certificate, for example, a user group containing PKI peers/users. The holders of the group certificate must be members of an SSL VPN user group, and the name of that user group must be present in the Allowed field.

FortiOS v3.0 MR7 SSL VPN User Guide

 

01-30007-0348-20080718

47

Page 46 Page 48
Page 47
Image 47
Fortinet FORTIOS V3.0 MR7 manual Subnet2, To define the firewall policy for tunnel-mode operations
Page 46 Page 48

FORTIOS V3.0 MR7 specifications

Fortinet's FortiOS v3.0 MR7 marks a significant advancement in network security and management, providing organizations with enhanced features, technologies, and characteristics to better protect their IT environments. This version of FortiOS is designed to facilitate comprehensive security and optimized performance, ensuring that organizations can safeguard their networks against evolving threats.

One of the main features in FortiOS v3.0 MR7 is its robust firewall capabilities. The stateful firewall technology enables dynamic packet filtering based on predefined security policies. This strengthens the organization's perimeter defense by allowing or denying traffic based on user-defined rules. Additionally, the integrated Application Control feature extends the firewall's capabilities by identifying and controlling applications regardless of port usage, enabling organizations to enforce security policies on a finer-grained level.

FortiOS v3.0 MR7 also introduces advanced intrusion prevention system (IPS) functionalities. The next-generation IPS utilizes deep packet inspection and real-time threat intelligence to detect and block attacks before they can compromise the network. Coupled with Fortinet’s threat research team, which ensures timely updates of security signatures, this system helps organizations mitigate risks posed by sophisticated cyber threats.

Another key characteristic of FortiOS v3.0 MR7 is its enhanced VPN capabilities. The support for both SSL and IPsec VPN allows secure remote access for employees and offers flexible options for secure communication over the internet. This feature is essential for organizations that embrace remote work, ensuring that sensitive data remains protected regardless of the user's location.

In addition to its powerful security features, FortiOS v3.0 MR7 includes advanced reporting and logging capabilities. Users can generate detailed reports that highlight security events, traffic patterns, and performance metrics. This data not only improves visibility into network security but also assists in compliance with regulatory requirements.

Moreover, the platform's user-friendly interface enhances the overall management experience. Administrators can quickly configure settings, monitor activity, and respond to incidents effectively. With centralized management capabilities, FortiOS v3.0 MR7 allows organizations to manage multiple devices from a single console, simplifying operations and reducing administrative overhead.

In summary, Fortinet's FortiOS v3.0 MR7 integrates a wealth of security features, including a stateful firewall, advanced IPS, VPN support, and comprehensive reporting functions. Together, these technologies ensure that organizations can maintain a strong security posture in an increasingly complex threat landscape.
Top Page Image Contents