Day-09 | Configure IPSec Remote Access VPN in Fortigate Firewall | SSL VPN configuration

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

Hello friends welcome to my YouTube channel tech net guide friends in this video I am going to tell you how to configure SSL VPN Remote Access VPN in portuguet firewall so friends you can see this is my 40 gate firewall and this is my inside Zone here okay this is my inside Lan Zone and this is my DMZ here DMZ okay DMZ so friends you can see my dmj zone network is 20.1.1.0 okay so we have to device here 20.1.10 and 20.1.12 okay so you can see the same way when my when interface IP 192 168 1.101 so this is my PC on internet from this PC we will connect through SSL VPN okay Remote Access VPN and from this PC will after connect SSL VPN will try to access this device on telnet or researcher ping okay so we'll show you now friends we can start SSL VPN configuration on 40 gate firewall okay so friends you can see this is my 40 gate firewall okay let me show you its interfaces clicker Network and then click on interfaces okay so you can see this is my one interface IP address is 1.101 okay Port 2 is My Lan Port here okay so it's IPA 10.1.1.1 okay now in dmj zone we have IP interface IP 20.1.1.1 okay so now friends we can configure your SSL VPN before going to start SSL VPN configuration you have to create any user here click here to user and Authentication now click on user definition now friends click on create new to select local user and then click on next username TechNet okay now provide password Here now click on next now if you want to enable two-factor authentication you can enable this otherwise click on next so now we have to enable this click here enable Okay now click on submit okay now friends you can see we have created any user now friends you have to create a group okay we have to click on create new to create a new group SSL group name sslb pin users now we have to click on firewall and we have to select member here which memory would open so you have to Define here newly created member TechNet now click on OK so friends in this group you can see we have a user now friends we have to configure VPN here go to VPN and then we have to select on SSL VPN setting just click here you can see enable SL VPN okay now friends we have to select when interface so you can see when it is Port 1 okay Port 1 is my when and listen on port number it will be 1 0 4 4 you can give anything okay so it will be listen on this port number okay so now server certificate we have to keep it default here 14 148 Factory okay we have to select a restrict access allow access from any host or laminate access to host okay we can select here allow access from any host okay so friends now now in tunnel mode client settings so you can see tunnel user will be receive IP range 10 dot this IP range okay when user will connect with SSL VPN so this user so IP address range will be this one 10.212 4.134.200 to 210 okay this range will be assigned to this user after connected with SSL VPN okay no DNS server same client as system Apu have your own DNS server so you can Define your DNA server otherwise you can leave it as it is okay now friends here we have to pry authentication and portal mapping so we have to add our user group here okay just add our user group is SSL BP user okay no portal so default portal will be full access Okay now click on OK okay now also we have to select here all other user group we have to select here full access and click on OK OK now click on apply now we have to select here SSL VPN portal okay you can see SSL VPN portal just click on it and then double kill now prints select here full access now click on edit okay so now friends you can see we have a full access Channel okay portal by default created it okay so now you can see tunnel mode so friends when we enable tunnel mode if you disable tunnel mode all client traffic will be directed over the SSL VPN tunnel so friends when this user will be connected with SSL VPN so all its traffic internet traffic all traffic will be passed through our firewall okay so our firewall so it's not recommended suppose this is a trying to access Internet so it should go through internet okay so it should not go through our firewall it directly go to internet okay here if this user only accepts this network okay if this user only access this network then should be passes through our firewall okay so here you can see enable based on policy destination so we can Define policy based on policy it will be enable which traffic should be passes through firewall okay so now here you can see we have to select here routing address override we have to select our DMG Network okay okay 10.212 okay so let me show you again how to define this select here and select this one okay so this pool will be assigned to our client PC when it will connect to SSL VPN okay now tunnel mode client option allow client to save password you can select here so prints you can see Beam mode so friends we can connect to SSL VPN with two Mode web mode or 40 client mode so we will see wave mode we can connect through browser okay client mode we can connect with 40 client okay so now here we can select here 40q and download directed Okay now click on OK so we have configured sslb pin here okay on 40 gate firewall now friends you have to create policy here okay so you can see sslb pin setting so no SSL between policy exist click to create new policy using this setting okay so let me show you how to create policy you can click here or we can click to security profile for CN object we can create policy from here great so friends we can create from here just click here so you can see automatic it's assigned this interface tunnel interface here so name policy name will be SSL VPN sslb pin in okay so when traffic coming through outside to inside okay so outgoing interface will be so friends you can see incoming interface our SSL VPN tunnel interface and outgoing interface our DMZ okay dim jet port and Source will be source our SSL BP internal address 10 dot to 1 to 134 which will be assigned to our so we can select this address okay this address assigned to our remote PC when it will connect to sslv pin now also we have to select here our user Okay click on user and we have to select User Group SSL beeping users okay now in destination destination we have to select our DMZ address 20.1.0 okay DMZ address now service will be all now we can accept here now no net will be there for Destination traffic coming from outside okay so now we have to enable this PLC here now click on OK so we have created this policy now click on apply now friends what we can do we have now friends go to policy and object viral policy now friends we have created policy and all VPN settings okay now we have to go to our PC and connect with 40 clients so you can see I have installed 40 client here just click on it so friends so you can say vertic line now click on configure VPN so we have to select SSL VPN here provider VPN name SSL VPN it's just a connection name okay description not recommended remote Gateway IP address one dot sorry 192 168 1.101 so customized Portage 1 0 4 4 3 okay now client certificate known so save login or username so username is TechNet okay now we we can click on Save so you can see TechNet now we have to provide password now click on connect okay unable to establish VPN connection the VPN server may be unreachable [Music] so it's not getting connect here so friend let me check from browser so friends uh I have already discussed you we have two more to connect here 40 client and web mode okay so we can connect with web mode let me go to here like stps 192 168 1.101 colon 10984 10443 okay just connect here so now click on advance now click on accept so now you can see we have login portal here taken it and password will be provide password now click login permission denied Okay one minute and password so now friends you can see we have logged in in web mode okay you can see Beam mode we have logged in here with my user now friends you can see we have connected with SSL VPN portal here okay now friends what we can do we now we can try to access from this PC try to access this network this network this router okay let's try to access so let me click on Cube connection here so you can see 20.1.1.10 okay so from here we can access our like SSH just we can click on SSH okay now we have to provide our router IP address here 20 Dot 20.1.1.10 now click on launch so you can see now it's asking for password Here Cisco so now provide password Cisco enable Cisco so friends you can see we are able to access this router from this PC so my SSL VPN is working fine here friends okay so now what we can do so now we can exit from here exit so close window now we can also create here uh let me ping gear let's check ping 20.1.1.10 as you can see is reachable okay so from 40 client I am not able to connect because so you can see friends it's a evaluation license that's why it's showing some issue okay to connect with 40 client so friends in this video we have seen how to configure SSL VPN in 40 gate firewall so friends thanks for watching this video have a nice day

Info

Channel: TechNet Guide

Views: 7,132

Rating: undefined out of 5

Keywords: how to, technet guide, fortigate remote access ipsec vpn configuration, ssl vpn, remote access vpn, fortigate firewall, fortigate remote access, ipsec vpn remote access, forticlient vpn, fortigate vpn client to site, fortigate ipsec vpn client to site configuration, fortigate ssl vpn configuration, fortigate vpn configuration, how to configure remote access vpn on fortigate

Id: zRFhBJU1e-o

Channel Id: undefined

Length: 14min 5sec (845 seconds)

Published: Fri Jan 06 2023