Fortigate SSL VPN

What is SSL VPN

An SSL VPN enables devices with an internet connection to establish a secure remote-access VPN connection with a web browser. An SSL VPN is a type of VPN that uses the Secure Sockets Layer (SSL) protocol and the Transport Layer Security (TLS) protocol in standard web browsers to provide secure, remote-access VPN. An SSL VPN connection uses encryption to protect data transmitted between the endpoint device client software and the SSL VPN server through which the client connects securely to the internet. We will look at FortiGate SSL VPN in detail.

SSL VPN Mode in Fortigate

  1. Tunnel Mode: the user needs a client to connect to the VPN.
  2. Web Mode: the user can connect through a web browser.

Step by Step Configuration of SSL VPN in Fortigate

SSL VPN Portal Setting

To configure the SSL VPN portal, go to VPN > SSL-VPN Portals. The full-access portal allows the use of tunnel mode and web mode.

⦁ Under Tunnel Mode, disable Enable Split Tunneling for both IPv4 and IPv6 traffic to ensure all Internet traffic will go through the FortiGate.
⦁ Set Source IP Pools to the default IP range SSLVPN_TUNNEL_ADDR1. You can set the default IP range if required.


In Web Mode, Predefined Bookmarks are used for any internal resources that the SSL VPN users need to access. In the example, the bookmark allows the remote user RDP access to a computer on the internal network.


Configuring the SSL VPN connection Setting

Go to VPN > SSL-VPN Settings.
⦁ Set Listen on Interfaces to the WAN link. To avoid port conflicts, set Listen on Port to 10443. Set Restrict Access to Allow access from any host.
⦁ In the example, the Fortinet_Factory certificate is used as the Server Certificate. To ensure that traffic is secure, you should use your own CA-signed certificate. For more information about using certificates, see Preventing certificate warnings (CA-signed certificates).
⦁ Under Tunnel Mode Client Settings, set IP Ranges to use the default IP range SSLVPN_TUNNEL_ADDR1.


In Authentication/Portal Mapping, click Create New to add the user group and map it to the full-access portal.

Create Address
Create an address for the local subnet that VPN users will access: go to Policy & Objects > Addresses.
⦁ Set Type to Subnet, Subnet/IP Range to the local subnet, and Interface to lan.


To create a policy allowing access to the internal network through the VPN tunnel interface, go to Policy & Objects > IPv4 Policy.
⦁ Set Incoming Interface to ssl.root and Outgoing Interface to lan. Select Source and set Address to all and User to the Employee user group. Set Destination Address to the local network address, Service to ALL, and enable NAT.
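
The portal and SSL-VPN settings steps above can be reviewed from a configuration backup. The script below is an added example, not part of the original article or Fortinet's tooling: it embeds a constructed CLI rendering of those steps (the interface name "wan1" is an assumption) and flags the factory certificate, the any-host restriction and enabled split tunneling.

```python
import re

# Constructed sample: CLI form of the portal and SSL-VPN settings steps.
# "wan1" is an assumed WAN interface name.
SAMPLE_CONFIG = """\
config vpn ssl web portal
    edit "full-access"
        set tunnel-mode enable
        set web-mode enable
        set split-tunneling disable
        set ip-pools "SSLVPN_TUNNEL_ADDR1"
    next
end
config vpn ssl settings
    set servercert "Fortinet_Factory"
    set source-interface "wan1"
    set source-address "all"
    set port 10443
    set tunnel-ip-pools "SSLVPN_TUNNEL_ADDR1"
end
"""

def section(config, header):
    """Return the body of a top-level 'config <header>' block, or ''."""
    m = re.search(rf"^config {re.escape(header)}\n(.*?)^end$", config, re.M | re.S)
    return m.group(1) if m else ""

def settings(body):
    """Map each 'set <key> <value>' line to key -> value, quotes stripped."""
    return {k: v.strip().strip('"') for k, v in re.findall(r"^\s*set (\S+) (.+)$", body, re.M)}

def audit(config):
    """Return findings for the choices this tutorial makes for convenience."""
    findings = []
    ssl = settings(section(config, "vpn ssl settings"))
    if ssl.get("servercert", "").startswith("Fortinet_Factory"):
        findings.append("servercert is the factory default; use a CA-signed certificate")
    if ssl.get("source-address") == "all":
        findings.append("portal accepts connections from any host")
    portal = settings(section(config, "vpn ssl web portal"))
    if portal.get("split-tunneling") == "enable":
        findings.append("split tunneling on; Internet traffic bypasses the FortiGate")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("-", finding)
```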


Result:

Log in to the SSL VPN.

The VPN connection is now established.

To see users currently connected to the SSL VPN, go to Monitor > SSL-VPN Monitor. The user is connected to the VPN.
