FortiGate Cookbook - SSL VPN Web/Tunnel Mode (5.6)

Video Statistics and Information

Captions
In this video, you will create an SSL VPN to allow remote users to access resources on the internal network. Users will connect to the VPN using either web mode with a web browser or tunnel mode with FortiClient. In this example, users will use the VPN to access a FortiGate acting as an internal segmentation firewall. For users connecting via tunnel mode, traffic to the Internet will also flow through the FortiGate in order to apply security scanning to this traffic. During the connection phase, the FortiGate will also run an antivirus host check to make sure the user has up-to-date protection.

Go to User & Device > User Definition to create a local user account for an SSL VPN user. Go to User & Device > User Groups to create a user group for SSL VPN users and add the new user account to the group.

Go to VPN > SSL-VPN Portals and edit the full-access portal. This portal allows access using both web and tunnel mode. Make sure Enable Split Tunneling is not selected so that all Internet traffic will go through the FortiGate. In tunnel mode, set Source IP Pools to use a default IP range. Under Predefined Bookmarks, click Create New to add a new bookmark. Bookmarks are links to internal network resources. In this example, a bookmark is added to connect to the internal FortiGate.

Go to VPN > SSL-VPN Settings and set Listen on Interface to wan1. To avoid port conflicts, set Listen on Port to 10443. Set Restrict Access to allow access from any host. In this example, the Fortinet factory certificate is used as the server certificate. It is, however, recommended that you purchase a certificate for your domain and upload it for use with an SSL VPN. Under Tunnel Mode Client Settings, set IP Range to use a default IP range. Under Authentication/Portal Mapping, select Create New to add the SSL VPN user group and map it to the full-access portal. If necessary, map a portal for All Other Users/Groups.

Go to Policy & Objects > Addresses to add an address for the local network. Set Type to IP/Netmask, Subnet/IP Range to the local subnet, and Interface to an internal port.

Go to Policy & Objects > IPv4 Policy. Add a security policy allowing access to the internal network through the VPN tunnel interface. Set Incoming Interface to ssl.root and Outgoing Interface to the local network interface. Select Source and set Address to all and User to the SSL VPN user group. Set Destination Address to the local network address and Service to ALL, and enable NAT. Configure any remaining firewall and security options as desired. Add a second security policy allowing SSL VPN access to the Internet. For this policy, Incoming Interface is set to ssl.root, Outgoing Interface is set to wan1, and Destination is set to all.

Connect to the CLI Console and enter the following commands to enable the FortiGate to check for compliant antivirus software on the remote user's computer.

The steps for connecting to the SSL VPN differ depending on whether you're using web or tunnel mode.

For web mode, connect to the SSL VPN using a supported browser. Use the SSL VPN user's credentials to authenticate. The web portal appears. In this example, selecting the bookmark allows you to connect to the internal FortiGate using HTTPS. To connect to the Internet, select Quick Connection, enter the URL of the website you wish to access, and select Launch. The website loads. You can also use a Quick Connection for other types of traffic, such as SSH. An SSH connection will open in your browser, connecting to the requested host. Java is required for an SSH connection. On the FortiGate, go to Monitor > SSL-VPN Monitor. The user is shown connected to the VPN.

For tunnel mode, if you have not done so already, download FortiClient from www.forticlient.com. Open the FortiClient console and go to Remote Access. Add a new connection. Set VPN Type to SSL VPN and set Remote Gateway to the IP of the listening FortiGate interface. Select Customize Port and set it to 10443. Connect to the VPN using the SSL VPN user's credentials. You are able to connect to the VPN tunnel. On the FortiGate, go to Monitor > SSL-VPN Monitor. The user is shown connected to the VPN.

Thank you for watching. For more tutorials like this one, please subscribe to our channel. You can also read a text version of this recipe on the Fortinet cookbook website.
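
The walkthrough singles out three settings: the factory server certificate, split tunneling, and the antivirus host check. The following is an added example, not code from the video or from Fortinet, that audits a saved FortiGate configuration for those three. The sample text is constructed, and the key names (`servercert`, `split-tunneling`, `host-check`) are assumed from the FortiOS CLI rather than shown in the captions; it expects full-configuration output where each key is explicit.

```python
import re

# Constructed sample in FortiOS CLI style; not taken from the video.
SAMPLE = """\
config vpn ssl settings
    set servercert "Fortinet_Factory"
    set port 10443
end
config vpn ssl web portal
    edit "full-access"
        set tunnel-mode enable
        set split-tunneling enable
    next
end
"""

def parse(text):
    """Map 'config path/edit name' -> {key: value} for every 'set' line."""
    stack, out = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        block = re.match(r"(config|edit)\s+(.+)$", line)
        if block:
            stack.append(block.group(2).strip('"'))
        elif line in ("end", "next") and stack:
            stack.pop()
        elif line.startswith("set "):
            _, key, *value = line.split(None, 2)
            out.setdefault("/".join(stack), {})[key] = "".join(value).strip('"')
    return out

def audit(text):
    """Return findings for the three choices the walkthrough calls out."""
    cfg, findings = parse(text), []
    settings = cfg.get("vpn ssl settings", {})
    # Assumption: built-in certificates carry the "Fortinet_" name prefix.
    if settings.get("servercert", "").startswith("Fortinet_"):
        findings.append("settings: factory certificate used as server certificate")
    for path, portal in cfg.items():
        if not path.startswith("vpn ssl web portal/"):
            continue
        name = path.split("/", 1)[1]
        if portal.get("tunnel-mode") != "enable":
            continue  # the split tunneling and host check points apply to tunnel mode
        if portal.get("split-tunneling") == "enable":
            findings.append(f"{name}: split tunneling on, Internet traffic bypasses scanning")
        if portal.get("host-check", "none") == "none":
            findings.append(f"{name}: no antivirus host check")
    return findings
```

Calling `audit(SAMPLE)` returns one finding per setting; a configuration with a purchased certificate, split tunneling disabled and an antivirus host check returns an empty list.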
Info
Channel: Fortinet
Views: 150,065
Keywords: Fortinet, FortiOS, FortiGate, 5.6, network, security, firewall, SSLVPN, SSL, VPN, Virtual Private Network, Cybersecurity, Network Security, Fortinet Tutorial, Fortinet Demo, FortiGate 5.6, Cookbook, FortiGate Cookbook, FortiClient, VPN Tunneling, ssl vpn, fortigate ssl vpn, ssl vpn fortigate, fortigate vpn
Id: IFqsfz6Bto0
Length: 7min 55sec (475 seconds)
Published: Wed Apr 12 2017