Fortinet black logo

Administration Guide

Configuring and applying a Remote Access profile

Configuring and applying a Remote Access profile

To configure a Remote Access profile on EMS:
  1. In EMS, go to Endpoint Profiles > Remote Access. Click +Add to create a new profile.
  2. For Name, enter Machine-VPN
  3. In Advanced view, under General, enable Show VPN before Logon.
  4. Under SSL VPN, enable Enable Invalid Server Certificate Warning.
  5. Create the VPN tunnel:
    1. Under VPN Tunnels, click +Add Tunnel.
    2. In the VPN tunnel wizard, do the following:
    3. Select the VPN Type Manual, then click Next.
    4. Under Basic Settings, set the following values:

      Field

      Value/configuration

      Name

      machine-cert-tunnel

      Type

      SSL VPN

      Remote Gateway

      fgt.ztnademo.com/pki-ldap-machine

      fgt.ztnademo.com resolves to 10.0.3.254. /pki-ldap-machine is the realm used for this VPN.

      Port

      10443

      Require Certificate

      Enable

      Prompt for Username

      Disable

    5. Under Advanced Settings, enable Allow Non-Administrators to Use Machine Certificates.
    6. Click Save to save the tunnel.
  6. Click Save to save the Remote Access profile.
  7. In XML view, click Edit.
  8. Locate the machine-cert-tunnel connection. Under this connection, set the following settings:

    <machine>1</machine>

    <keep_running>1</keep_running>

  9. Click Save.

To apply the Remote Access profile to an endpoint policy:
  1. From Endpoint Policy & Components > Manage Policies, select the policy that is being applied to your endpoint, and click Edit.
  2. Under Profile, change the VPN selection to Machine-VPN.
  3. Click Save.

Configuring and applying a Remote Access profile

To configure a Remote Access profile on EMS:
  1. In EMS, go to Endpoint Profiles > Remote Access. Click +Add to create a new profile.
  2. For Name, enter Machine-VPN
  3. In Advanced view, under General, enable Show VPN before Logon.
  4. Under SSL VPN, enable Enable Invalid Server Certificate Warning.
  5. Create the VPN tunnel:
    1. Under VPN Tunnels, click +Add Tunnel.
    2. In the VPN tunnel wizard, do the following:
    3. Select the VPN Type Manual, then click Next.
    4. Under Basic Settings, set the following values:

      Field

      Value/configuration

      Name

      machine-cert-tunnel

      Type

      SSL VPN

      Remote Gateway

      fgt.ztnademo.com/pki-ldap-machine

      fgt.ztnademo.com resolves to 10.0.3.254. /pki-ldap-machine is the realm used for this VPN.

      Port

      10443

      Require Certificate

      Enable

      Prompt for Username

      Disable

    5. Under Advanced Settings, enable Allow Non-Administrators to Use Machine Certificates.
    6. Click Save to save the tunnel.
  6. Click Save to save the Remote Access profile.
  7. In XML view, click Edit.
  8. Locate the machine-cert-tunnel connection. Under this connection, set the following settings:

    <machine>1</machine>

    <keep_running>1</keep_running>

  9. Click Save.

To apply the Remote Access profile to an endpoint policy:
  1. From Endpoint Policy & Components > Manage Policies, select the policy that is being applied to your endpoint, and click Edit.
  2. Under Profile, change the VPN selection to Machine-VPN.
  3. Click Save.