Fortinet firewall SSL VPN configuration

Steps to configure SSL VPN on a Fortinet FortiGate firewall

Create SSL VPN Group

  • To create the SSL VPN Group, go through the following steps:
  1. User & Authentication > User Groups > Click on Create new
  2. Give the Group name and select Type as Firewall then click on OK

Enable Feature Visibility

  • To enable the Feature Visibility, go through the following steps:
  1. System > Feature Visibility > enable SSL VPN > Click on Apply

Create SSL VPN Portal

  • To create the SSL VPN Portal, go through the following steps:
  1. VPN > SSL-VPN Portals > Select full-access > Click on Edit
  2. You can keep the existing Source IP Pools object, or delete it and create a new object with the IP range that you want. If you create a new object, select it under Source IP Pools.
  3. Based on your requirement, enable or disable the options under Tunnel Mode Client Options, then click on OK

SSL VPN Settings

  • For SSL VPN Settings, go through the following steps:
  1. Go to VPN > SSL-VPN Settings > Enable
  2. Select the appropriate WAN interface for Listen on Interfaces, enter the customized port number for Listen on Port, and select Fortinet_Factory from the drop-down menu for Server Certificate.
  3. Under Authentication/Portal Mapping, Select All Other Users/Groups then Click on the Edit Option.
  4. Select the SSL-VPN portal name that you would have created then click on OK.
  5. Go to VPN > SSL-VPN Settings > Under Authentication/Portal Mapping > Click on Create New
  6. Once you click on Create New, a new window opens. Here select the SSL-VPN Group that you created earlier and the VPN Portal that you created previously, then click on OK. Then click on Apply.
  7. If you want, you can assign custom IP ranges under Tunnel Mode Client Settings; otherwise you can skip this step.

Create Firewall Rule

  • To create the Firewall Rule, go through the following steps:
  1. Policy & Objects > Firewall Policy > click on Create New
  2. Give an appropriate Firewall Rule Name and select Schedule as always from the drop-down menu. Select Accept for Action. For Incoming interface, select the SSL-VPN tunnel interface (ssl.root) from the drop-down menu, and select LAN (internal) for Outgoing interface
  3. Under Source and Destination, for the source select the SSL-VPN group that you created earlier. Create an object for the LAN network and select it for the Destination. Select ALL for the Service
  4. Disable the NAT and click on OK.

Create SSL VPN User

  • To create the SSL VPN User, go through the following steps:
  1. User & Authentication > User Definition > click on Create new
  2. Select User Type as Local User, and then click on Next.
  3. Enter the Username, assign an appropriate password, and then click on Next.
  4. Select Enable for User Account Status, enable User Group and select the User Group that you created. Then click on Submit.

Download FortiClient and its Configuration

  • To download the FortiClient App and for its Configuration, go through the following steps:
  1. Download the FortiClient VPN App from the following link: https://www.fortinet.com/support/product-downloads#vpn
  2. For Windows OS, select DOWNLOAD VPN for Windows
  3. Once the installer is downloaded, installation is straightforward: follow the on-screen instructions and install the FortiClient application
  4. Once the installation is completed, double-click on the FortiClient icon. In the window that opens, put the check mark for acknowledgement, then click on I accept
  5. In the next window, click on Configure VPN.
  6. Select SSL-VPN for VPN. You can use the company name for the Connection Name. For Remote Gateway, enter the static public IP that is configured on the WAN port of the firewall, and enter the customized port that you configured. For Authentication select Save login, enter the Username, then click on Save.
  7. In the next window, enter the password and click on Connect.
  8. Once you click on Connect, a warning message related to the server certificate will pop up. Here click on Yes.
  9. Once you click on Yes, you will get an acknowledgement saying VPN Connected.
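
A review check for the configuration built in the SSL VPN Settings and Create Firewall Rule steps, as an added example that is not part of the original page: it reads a FortiOS configuration backup and reports the factory server certificate (the cause of the warning in the client steps), an All Other Users/Groups mapping to full-access, and service ALL on policies from ssl.root. The sample backup, its names, and the CLI keys checked (servercert, default-portal, srcintf, service) are assumptions about how these GUI choices appear in the backup.

```python
import shlex

# Constructed sample backup mirroring the GUI choices above (names are made up).
SAMPLE = """
config vpn ssl settings
    set servercert "Fortinet_Factory"
    set default-portal "full-access"
end
config firewall policy
    edit 7
        set srcintf "ssl.root"
        set groups "SSLVPN-Users"
        set service "ALL"
    next
end
"""

def parse(text):
    """Flatten config/edit nesting into {"section/id": {key: [values]}}."""
    out, stack = {}, []
    for line in text.splitlines():
        try:
            tok = shlex.split(line)
        except ValueError:      # skip lines of multi-line quoted values (e.g. certs)
            continue
        head = tok[0] if tok else ""
        if head in ("config", "edit"):
            stack.append(" ".join(tok[1:]))
        elif head in ("end", "next") and stack:
            stack.pop()
        elif head == "set" and len(tok) > 1:
            out.setdefault("/".join(stack), {})[tok[1]] = tok[2:]
    return out

def audit(text):
    """Return review findings for the SSL VPN settings and ssl.root policies."""
    cfg, findings = parse(text), []
    ssl = cfg.get("vpn ssl settings", {})
    if ssl.get("servercert") == ["Fortinet_Factory"]:
        findings.append("servercert: factory certificate, clients get a trust warning")
    if ssl.get("default-portal") == ["full-access"]:
        findings.append("default-portal: unmapped users receive full-access")
    for path, kv in cfg.items():
        from_vpn = "ssl.root" in kv.get("srcintf", [])
        if path.startswith("firewall policy/") and from_vpn and "ALL" in kv.get("service", []):
            findings.append(f"policy {path.split('/')[1]}: service ALL from ssl.root")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Each finding names the setting to revisit: a server certificate the clients can validate, a restricted portal for All Other Users/Groups, and only the services remote users need on the ssl.root policy.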
