How to Setup SSL VPN on FortiGate Firewall: Step-by-Step Guide

Captions
Welcome back to Zoned For Geeks. My name is Casey, and in this episode we're going to be setting up an SSL VPN so remote users can access our network. Now, if you've seen my other videos, you will notice that I finally got around to updating the firmware on my firewall, so it might look a little different than in my last videos, but I am still using the same firewall as before.

In order to set up an SSL VPN we need to do four things in our firewall: we need to assign IP addresses to the users who are connecting, we need to set up users, we need to configure the SSL VPN settings, and then we need to make a rule to allow that traffic into our network.

The FortiGate firewall already comes with a pre-configured address object; you see that here. You can edit the object and even have more than one. As you see, the pre-configured object only has about 10 addresses, so that is the maximum number of concurrent users we can have. If you need more, you will need to edit the default object or create a new one. One thing to note is that the IP addresses given to users should be in an IP scheme that is not likely to be used by your users on their home networks, so avoid things like 192.168.1 or 10.1.1.1. Try for unconventional IP addresses. Failure to do this might result in connection issues. I'm going to use the default address object, so there's nothing for me to do here, and instead I'm going to go ahead and set up my users.

You can do this by creating a single user group, or if you're a large organization you probably want to set up an OU in your Active Directory. In my case I am just creating one user, so I'm going to create a local account. We're going to do this by going to User & Authentication, then User Definition. Now I want to create a new user, so I click on Create New, Local User, and then Next. Create a username and password. I am going to set up two-factor authentication using the FortiToken. Now, my firewall comes with two FortiTokens. Simply select the drop-down menu and choose a token to be assigned to the user. Next you want to enter an email address. This user will get an email with a QR code that they scan using the FortiToken app on their phone. As a side note, there is an option to send an SMS text message. I've never been able to get this to work, and since email works just fine I haven't put much effort into getting that working. After you hit Next, then Submit, check your email for your QR code. It might take a few minutes, and you should check your spam folder if you don't see it.

Now that we have our user account, we are going to configure our SSL VPN portal. To do that, navigate to VPN, then SSL-VPN Portals. You should have some pre-configured settings set up, but if you don't, click on Create New. If you already have a pre-configured tunnel, click on it and select Edit. You'll want to copy the settings you see on your screen. The name can be anything you want. You want to enable Tunnel Mode and set Enabled Based on Policy Destination. Under Source IP Pools, this is going to be where we created our address objects. As I said before, you can have more than one. In my case I am going to leave it as the default. Make sure that the rest of your settings match mine and then click OK.

Next we want to go to SSL-VPN Settings. You can copy my settings here if you wish. The Listen on Interface option is where my VPN connections are going to be going to; in this case they're going to my WAN connection. Make a note of the port number, as you will need it to make the connection. In the blue box it will show you the IP and port that is needed to connect. If you've seen my other videos you will know that my WAN IP is a private IP address and not a public one; yours might be a public IP address. We want to automatically assign IP addresses to new users, and then click Apply.

The last thing we need to do in our firewall is set a policy. As I stated before, I like to use names that make sense, so I am setting my policy name as SSLVPN to LAN. Our incoming interface will be our SSL VPN tunnel. Our outgoing interface is going to be my primary switch, but you might want to change this based on your own setup. For our source we're going to allow all connections, but we also need to set up at least one user or one user group. In this case I just have the one user, so that's what I'm going to select. Our destination is going to be our internal LAN. You might be wondering what the difference is between setting our outgoing interface to our main switch but still setting our destination to our internal LAN. This is because a network can have multiple VLANs, or you might want to allow access to a single machine such as a file server. We are going to set our services to All and finally disable NAT. Once you click on OK, your firewall is ready to receive your VPN connections.

Now I am going to switch over to my laptop, where we will use the FortiClient software to set up and test our VPN connection. Everyone who is going to be connected to your VPN will need the FortiClient software. There will be a link to it in the description below. Installing it is just like installing any other software. Since I already have it installed, I'm going to go ahead and launch it. Once we have the software launched, we are going to click on Remote Access, then Configure VPN. Give your connection any name. On the Remote Gateway, this will be your WAN IP address. If you don't know what your WAN IP address is, just Google "what is my IP address" and it should pop right up on your screen. Next we want to check Customize Port and enter the port number we specified on our firewall, then click Save. Enter the credentials that you created on your firewall, then click Connect. I should also note that my laptop is connected to a cellular hotspot, so it is not on the same network that I am trying to connect to. After a few seconds you will be prompted to enter your token number from your FortiToken app.

As you can see, we are now connected to our network. I can pull up Command Prompt and you can see I have two different IP addresses: one for my connection to my hotspot and the other given by my firewall for my VPN connection. I can also ping my firewall and ping my media server.

If you like this video, please leave me a thumbs up and subscribe. If you have a comment or question, leave it below, and I'll catch you on the next one. Thanks for watching.
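The addressing advice in the captions (the pool size caps concurrent users, and the pool should avoid ranges common on home networks) can be checked before deployment. The following Python sketch is an added example, not part of the video; the list of common home subnets and the sample pool ranges are assumptions constructed for illustration.

```python
import ipaddress

# Subnets that consumer routers commonly ship with.
# Assumed list for this example; extend it for your own user base.
COMMON_HOME_NETS = [ipaddress.ip_network(n) for n in (
    "192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24",
    "10.0.0.0/24", "10.0.1.0/24", "10.1.1.0/24", "172.16.0.0/24",
)]


def pool_networks(first, last):
    """Convert a first-last address range into the CIDR blocks covering it."""
    a, b = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if a.version != b.version or a > b:
        raise ValueError(f"invalid pool range {first}-{last}")
    return list(ipaddress.summarize_address_range(a, b))


def audit_pool(first, last, expected_users):
    """Report pool capacity and any overlap with common home subnets."""
    nets = pool_networks(first, last)
    size = sum(n.num_addresses for n in nets)
    conflicts = sorted({str(home) for n in nets
                        for home in COMMON_HOME_NETS if n.overlaps(home)})
    return {
        "size": size,                      # one address per concurrent user
        "enough": size >= expected_users,  # False means users will be refused
        "conflicts": conflicts,            # home LANs that would clash
    }


if __name__ == "__main__":
    # Constructed sample ranges, not read from any real firewall.
    samples = [
        ("10.212.134.200", "10.212.134.210", 25),
        ("192.168.1.200", "192.168.1.210", 5),
    ]
    for first, last, users in samples:
        print(first, "-", last, audit_pool(first, last, users))
```

A non-empty `conflicts` list means a remote user whose home LAN uses that subnet may see the connection issues mentioned in the captions, because local and tunnel addresses overlap.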
Info
Channel: Zoned For Geeks
Views: 10,881
Keywords: FortiGate Firewall, SSL VPN, VPN Configuration, Network Security, Cybersecurity, Network Infrastructure, Remote Access, Fortinet, VPN Setup, SSL VPN Setup, VPN Tutorial, Network Setup, Firewall Configuration, VPN Policy, VPN Client Configuration
Id: EOeKKLW4sm4
Length: 8min 21sec (501 seconds)
Published: Sat Apr 29 2023