config vpn ssl web portal
Portal.
config vpn ssl web portal
Description: Portal.
edit <name>
set allow-user-access {option1}, {option2}, ...
set auto-connect [enable|disable]
config bookmark-group
Description: Portal bookmark group.
edit <name>
config bookmarks
Description: Bookmark table.
edit <name>
set apptype [ftp|rdp|...]
set url {var-string}
set host {var-string}
set folder {var-string}
set additional-params {var-string}
set listening-port {integer}
set remote-port {integer}
set show-status-window [enable|disable]
set description {var-string}
set server-layout [de-de-qwertz|en-gb-qwerty|...]
set security [rdp|nla|...]
set preconnection-id {integer}
set preconnection-blob {var-string}
set load-balancing-info {var-string}
set port {integer}
set logon-user {var-string}
set logon-password {password}
set sso [disable|static|...]
config form-data
Description: Form data.
edit <name>
set value {var-string}
next
end
set sso-credential [sslvpn-login|alternative]
set sso-username {var-string}
set sso-password {password}
set sso-credential-sent-once [enable|disable]
next
end
next
end
set custom-lang {string}
set customize-forticlient-download-url [enable|disable]
set display-bookmark [enable|disable]
set display-connection-tools [enable|disable]
set display-history [enable|disable]
set display-status [enable|disable]
set dns-server1 {ipv4-address}
set dns-server2 {ipv4-address}
set dns-suffix {var-string}
set exclusive-routing [enable|disable]
set forticlient-download [enable|disable]
set forticlient-download-method [direct|ssl-vpn]
set heading {string}
set hide-sso-credential [enable|disable]
set host-check [none|av|...]
set host-check-interval {integer}
set host-check-policy <name1>, <name2>, ...
set ip-mode [range|user-group]
set ip-pools <name1>, <name2>, ...
set ipv6-dns-server1 {ipv6-address}
set ipv6-dns-server2 {ipv6-address}
set ipv6-exclusive-routing [enable|disable]
set ipv6-pools <name1>, <name2>, ...
set ipv6-service-restriction [enable|disable]
set ipv6-split-tunneling [enable|disable]
set ipv6-split-tunneling-routing-address <name1>, <name2>, ...
set ipv6-tunnel-mode [enable|disable]
set ipv6-wins-server1 {ipv6-address}
set ipv6-wins-server2 {ipv6-address}
set keep-alive [enable|disable]
set limit-user-logins [enable|disable]
set mac-addr-action [allow|deny]
set mac-addr-check [enable|disable]
config mac-addr-check-rule
Description: Client MAC address check rule.
edit <name>
set mac-addr-mask {integer}
set mac-addr-list <addr1>, <addr2>, ...
next
end
set macos-forticlient-download-url {var-string}
set os-check [enable|disable]
config os-check-list
Description: SSL VPN OS checks.
edit <name>
set action [deny|allow|...]
set tolerance {integer}
set latest-patch-level {user}
next
end
set redir-url {var-string}
set save-password [enable|disable]
set service-restriction [enable|disable]
set skip-check-for-browser [enable|disable]
set skip-check-for-unsupported-os [enable|disable]
set smb-max-version [smbv1|smbv2|...]
set smb-min-version [smbv1|smbv2|...]
set smb-ntlmv1-auth [enable|disable]
set smbv1 [enable|disable]
config split-dns
Description: Split DNS for SSL VPN.
edit <id>
set domains {var-string}
set dns-server1 {ipv4-address}
set dns-server2 {ipv4-address}
set ipv6-dns-server1 {ipv6-address}
set ipv6-dns-server2 {ipv6-address}
next
end
set split-tunneling [enable|disable]
set split-tunneling-routing-address <name1>, <name2>, ...
set theme [blue|green|...]
set transform-backward-slashes [enable|disable]
set tunnel-mode [enable|disable]
set use-sdwan [enable|disable]
set user-bookmark [enable|disable]
set user-group-bookmark [enable|disable]
set web-mode [enable|disable]
set windows-forticlient-download-url {var-string}
set wins-server1 {ipv4-address}
set wins-server2 {ipv4-address}
next
end
config vpn ssl web portal
|
Parameter |
Description |
Type |
Size |
|||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
allow-user-access |
Allow user access to SSL-VPN applications. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
auto-connect |
Enable/disable automatic connect by client when system is up. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
custom-lang |
Change the web portal display language. Overrides config system global set language. You can use config system custom-language and execute system custom-language to add custom language files. |
string |
Maximum length: 35 |
|||||||||||||||||||||||||
|
customize-forticlient-download-url |
Enable support of customized download URL for FortiClient. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
display-bookmark |
Enable to display the web portal bookmark widget. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
display-connection-tools |
Enable to display the web portal connection tools widget. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
display-history |
Enable to display the web portal user login history widget. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
display-status |
Enable to display the web portal status widget. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
dns-server1 |
IPv4 DNS server 1. |
ipv4-address |
Not Specified |
|||||||||||||||||||||||||
|
dns-server2 |
IPv4 DNS server 2. |
ipv4-address |
Not Specified |
|||||||||||||||||||||||||
|
dns-suffix |
DNS suffix. |
var-string |
Maximum length: 253 |
|||||||||||||||||||||||||
|
exclusive-routing |
Enable/disable all traffic go through tunnel only. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
forticlient-download |
Enable/disable download option for FortiClient. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
forticlient-download-method |
FortiClient download method. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
heading |
Web portal heading message. |
string |
Maximum length: 31 |
|||||||||||||||||||||||||
|
hide-sso-credential |
Enable to prevent SSO credential being sent to client. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
host-check |
Type of host checking performed on endpoints. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
host-check-interval |
Periodic host check interval. Value of 0 means disabled and host checking only happens when the endpoint connects. |
integer |
Minimum value: 120 Maximum value: 259200 |
|||||||||||||||||||||||||
|
host-check-policy |
One or more policies to require the endpoint to have specific security software. Host check software list name. |
string |
Maximum length: 79 |
|||||||||||||||||||||||||
|
ip-mode |
Method by which users of this SSL-VPN tunnel obtain IP addresses. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
ip-pools |
IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients. Address name. |
string |
Maximum length: 79 |
|||||||||||||||||||||||||
|
ipv6-dns-server1 |
IPv6 DNS server 1. |
ipv6-address |
Not Specified |
|||||||||||||||||||||||||
|
ipv6-dns-server2 |
IPv6 DNS server 2. |
ipv6-address |
Not Specified |
|||||||||||||||||||||||||
|
ipv6-exclusive-routing |
Enable/disable all IPv6 traffic go through tunnel only. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
ipv6-pools |
IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients. Address name. |
string |
Maximum length: 79 |
|||||||||||||||||||||||||
|
ipv6-service-restriction |
Enable/disable IPv6 tunnel service restriction. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
ipv6-split-tunneling |
Enable/disable IPv6 split tunneling. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
ipv6-split-tunneling-routing-address |
IPv6 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access. Address name. |
string |
Maximum length: 79 |
|||||||||||||||||||||||||
|
ipv6-tunnel-mode |
Enable/disable IPv6 SSL-VPN tunnel mode. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
ipv6-wins-server1 |
IPv6 WINS server 1. |
ipv6-address |
Not Specified |
|||||||||||||||||||||||||
|
ipv6-wins-server2 |
IPv6 WINS server 2. |
ipv6-address |
Not Specified |
|||||||||||||||||||||||||
|
keep-alive |
Enable/disable automatic reconnect for FortiClient connections. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
limit-user-logins |
Enable to limit each user to one SSL-VPN session at a time. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
mac-addr-action |
Client MAC address action. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
mac-addr-check |
Enable/disable MAC address host checking. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
macos-forticlient-download-url |
Download URL for Mac FortiClient. |
var-string |
Maximum length: 1023 |
|||||||||||||||||||||||||
|
name |
Portal name. |
string |
Maximum length: 35 |
|||||||||||||||||||||||||
|
os-check |
Enable to let the FortiGate decide action based on client OS. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
redir-url |
Client login redirect URL. |
var-string |
Maximum length: 255 |
|||||||||||||||||||||||||
|
save-password |
Enable/disable FortiClient saving the user's password. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
service-restriction |
Enable/disable tunnel service restriction. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
skip-check-for-browser |
Enable to skip host check for browser support. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
skip-check-for-unsupported-os |
Enable to skip host check if client OS does not support it. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
smb-max-version |
SMB maximum client protocol version. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
smb-min-version |
SMB minimum client protocol version. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
smb-ntlmv1-auth |
Enable support of NTLMv1 for Samba authentication. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
smbv1 |
smbv1 |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
split-tunneling |
Enable/disable IPv4 split tunneling. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
split-tunneling-routing-address |
IPv4 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access. Address name. |
string |
Maximum length: 79 |
|||||||||||||||||||||||||
|
theme |
Web portal color scheme. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
transform-backward-slashes |
Transform backward slashes to forward slashes in URLs. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
tunnel-mode |
Enable/disable IPv4 SSL-VPN tunnel mode. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
use-sdwan |
Use SD-WAN rules to get output interface. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
user-bookmark |
Enable to allow web portal users to create their own bookmarks. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
user-group-bookmark |
Enable to allow web portal users to create bookmarks for all users in the same user group. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
web-mode |
Enable/disable SSL VPN web mode. |
option |
- |
|||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||
|
windows-forticlient-download-url |
Download URL for Windows FortiClient. |
var-string |
Maximum length: 1023 |
|||||||||||||||||||||||||
|
wins-server1 |
IPv4 WINS server 1. |
ipv4-address |
Not Specified |
|||||||||||||||||||||||||
|
wins-server2 |
IPv4 WINS server 1. |
ipv4-address |
Not Specified |
|||||||||||||||||||||||||
config bookmark-group
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
name |
Bookmark group name. |
string |
Maximum length: 35 |
config bookmarks
|
Parameter |
Description |
Type |
Size |
|||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
name |
Bookmark name. |
string |
Maximum length: 35 |
|||||||||||||||||||||||||||||
|
apptype |
Application type. |
option |
- |
|||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||
|
url |
URL parameter. |
var-string |
Maximum length: 128 |
|||||||||||||||||||||||||||||
|
host |
Host name/IP parameter. |
var-string |
Maximum length: 128 |
|||||||||||||||||||||||||||||
|
folder |
Network shared file folder parameter. |
var-string |
Maximum length: 128 |
|||||||||||||||||||||||||||||
|
additional-params |
Additional parameters. |
var-string |
Maximum length: 128 |
|||||||||||||||||||||||||||||
|
listening-port |
Listening port. |
integer |
Minimum value: 0 Maximum value: 65535 |
|||||||||||||||||||||||||||||
|
remote-port |
Remote port. |
integer |
Minimum value: 0 Maximum value: 65535 |
|||||||||||||||||||||||||||||
|
show-status-window |
Enable/disable showing of status window. |
option |
- |
|||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||
|
description |
Description. |
var-string |
Maximum length: 128 |
|||||||||||||||||||||||||||||
|
server-layout |
Server side keyboard layout. |
option |
- |
|||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||
|
security |
Security mode for RDP connection. |
option |
- |
|||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||
|
preconnection-id |
The numeric ID of the RDP source. |
integer |
Minimum value: 0 Maximum value: 2147483648 |
|||||||||||||||||||||||||||||
|
preconnection-blob |
An arbitrary string which identifies the RDP source. |
var-string |
Maximum length: 511 |
|||||||||||||||||||||||||||||
|
load-balancing-info |
The load balancing information or cookie which should be provided to the connection broker. |
var-string |
Maximum length: 511 |
|||||||||||||||||||||||||||||
|
port |
Remote port. |
integer |
Minimum value: 0 Maximum value: 65535 |
|||||||||||||||||||||||||||||
|
logon-user |
Logon user. |
var-string |
Maximum length: 35 |
|||||||||||||||||||||||||||||
|
logon-password |
Logon password. |
password |
Not Specified |
|||||||||||||||||||||||||||||
|
sso |
Single Sign-On. |
option |
- |
|||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||
|
sso-credential |
Single sign-on credentials. |
option |
- |
|||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||
|
sso-username |
SSO user name. |
var-string |
Maximum length: 35 |
|||||||||||||||||||||||||||||
|
sso-password |
SSO password. |
password |
Not Specified |
|||||||||||||||||||||||||||||
|
sso-credential-sent-once |
Single sign-on credentials are only sent once to remote server. |
option |
- |
|||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||
config form-data
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
name |
Name. |
string |
Maximum length: 35 |
|
value |
Value. |
var-string |
Maximum length: 63 |
config mac-addr-check-rule
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
name |
Client MAC address check rule name. |
string |
Maximum length: 35 |
|
mac-addr-mask |
Client MAC address mask. |
integer |
Minimum value: 1 Maximum value: 48 |
|
mac-addr-list |
Client MAC address list. Client MAC address. |
mac-address |
Not Specified |
config os-check-list
|
Parameter |
Description |
Type |
Size |
|||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
name |
Name. |
string |
Maximum length: 35 |
|||||||||
|
action |
OS check options. |
option |
- |
|||||||||
|
|
|
|||||||||||
|
tolerance |
OS patch level tolerance. |
integer |
Minimum value: 0 Maximum value: 65535 |
|||||||||
|
latest-patch-level |
Latest OS patch level. |
user |
Not Specified |
|||||||||
config split-dns
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
id |
ID. |
integer |
Minimum value: 0 Maximum value: 4294967294 |
|
domains |
Split DNS domains used for SSL-VPN clients separated by comma(,). |
var-string |
Maximum length: 1024 |
|
dns-server1 |
DNS server 1. |
ipv4-address |
Not Specified |
|
dns-server2 |
DNS server 2. |
ipv4-address |
Not Specified |
|
ipv6-dns-server1 |
IPv6 DNS server 1. |
ipv6-address |
Not Specified |
|
ipv6-dns-server2 |
IPv6 DNS server 2. |
ipv6-address |
Not Specified |