Setup SSL VPN Web & Tunnel Modes

Captions
[Music]

In this video we will show how to set up an SSL VPN connection. SSL VPN enables remote users to access private network resources via a secure pathway. We are going to look at two different SSL VPN scenarios.

SSL VPN web mode allows remote users to securely access all applications in the web browser. The limitation of the web-based mode is that the remote user can only access browser-based applications.

SSL VPN tunnel mode allows remote users to securely access web browser and non-web-browser-based applications in a private network. SSL VPN tunnel mode can be configured as full tunnel or split tunnel. In the full tunnel mode scenario, the remote user will access the internet via the secure tunnel using FortiClient. This of course can cause heavy load on the VPN connection and slow the connection speed. In the split tunnel mode, the remote user will access the private network through a secure VPN tunnel using the FortiClient, but the remote user will still be able to access the Internet directly without going through the SSL VPN.

The FortiGate setup follows the same steps for both the web and the tunnel mode, with only minor differences. We are going to configure the interface and the firewall address, then we will create the user entry for the remote user and the VPN portal. After that we will configure VPN settings and create a firewall policy.

Next we are going to connect to the FortiGate web interface. We will configure the interface and the firewall address. In our case, the port1 interface connects to the internal network and port2 is the internet-facing interface. Go to Network > Interfaces and edit the internet-facing interface. Set the IP/network mask. Edit the port1 interface and set its IP/network mask. Click OK.

Next, configure the user and the user group. Go to User & Device > User Definition to create a local user. In the production environment you're more likely to add a group rather than a single user. To create a user group, go to User & Device > User Groups.

Next, configure the SSL VPN portal. Go to VPN > SSL-VPN Portals to create a VPN portal. Give it a name. Enable the tunnel mode if you're setting up SSL VPN for the tunnel mode. Configure the routing address and add the IP range for the remote users. Configure the other options as applicable. Configure the host check. The host check allows the FortiGate to refuse the connection to the remote user based on certain criteria, for example if the user operating system or operating system type failed to meet certain criteria. If applicable, enable web mode. In our case we will enable both the tunnel and the web modes. Configure the applicable options. You can set up predefined bookmarks too. This can save time for multiple remote users, who would not have to define the bookmarks themselves. You can also enable FortiClient download for the remote users. This way the remote users will have an option to download the FortiClient from a specific location on the internal network.

Next, configure SSL VPN settings. Go to VPN > SSL-VPN Settings. For Listen on Interface(s), select the internet-facing interface of the FortiGate. In our case it's port2. Set Listen on Port to 10443. Notice that the IP address here is showing the internal IP address of the internet-facing interface. The remote user will actually be using an external IP mapped to this one. Choose a certificate for the server certificate. The default is Fortinet_Factory. Specify the mode for assigning client settings. In the Authentication/Portal Mapping, set the portal to the one you created earlier. By default, all users and user groups will use the same portal. You can also send different users and user groups to different portals. To do that, create a new authentication/portal mapping for users or a user group.

Configure the SSL VPN firewall policy. Go to Policy & Objects > IPv4 Policy. Fill in the firewall policy name. Incoming interface must be the SSL VPN tunnel interface. Choose the outgoing interface. Set the source to all. If you have a specific user group, add it to the source as well. Set the destination. In our case we will set it to all. Alternatively, you can restrict the destination to a specific internal subnet. Set schedule to always, service to all, and action to accept. Fill out the rest of the settings as needed. Enable this policy and click OK.

Now that we have configured the SSL VPN settings, we are going to simulate a remote user connection and see the results. Let's start with the SSL VPN web mode. In the web browser, we will log into the portal using the credentials you've set up. Remember that the remote user will need to use the external IP address of the internet-facing interface. In the portal with the predefined bookmark, select the predefined bookmark to start a session. Users also have the ability to create their own bookmarks. Now verify the list of active SSL VPN users on the FortiGate side. Go to VPN > Monitor > SSL-VPN.

Next we are going to look at the VPN connection using the tunnel mode. Download FortiClient from www.forticlient.com. Open the FortiClient console and go to Remote Access. Click on Settings. Add a new connection. Set VPN type to SSL VPN. Set remote gateway to the IP of the listening FortiGate interface. Remember that the remote user will use the external-facing IP address. Select Customize port and set it to 10443. Save your settings. Use the credentials you have set up to connect to the SSL VPN tunnel. In case of the full tunnel mode, all traffic will go through the VPN tunnel. In case of the split tunnel mode, only the traffic to the private network will use the VPN tunnel. The remote user will still access the internet through the local gateway. Go to Monitor > SSL-VPN Monitor to verify the list of the active SSL VPN users.

This concludes our video. Thank you for watching, and for more videos please go to video.fortinet.com.

[Music]
Info
Channel: Fortinet
Views: 25,985
Keywords: Fortinet, Palo Alto Networks, Check Point Software, Juniper Networks, Oracle Security, Cisco Secure, Sonic Wall, WatchGuard, McAfee
Id: SIpr-t4De5U
Length: 7min 22sec (442 seconds)
Published: Fri Mar 20 2020