Web portal configurations
An SSL VPN web portal enables users to access network resources through a secure channel using a web browser. System administrators can configure login privileges for users and which network resources are available to them. The portal configuration determines what users see when they log in to the portal. Both system administrators and users can customize the SSL VPN portal.
There are three predefined default web portal configurations available:
- full-access: connecting clients can either access protected resources through the SSL VPN web portal, or use FortiClient to connect through tunnel mode.
- tunnel-access: connecting clients can only access protected resources with FortiClient connecting through tunnel mode.
- web-access: connecting clients can only access protected resources through the SSL VPN web portal.
Custom web portals can also be configured.
To configure a custom web portal:
- Go to VPN > SSL-VPN Portals and click Create New.
- Configure the following settings as needed:

| GUI option | Description |
| --- | --- |
| Name | Enter the portal name. |
| Limit Users to One SSL-VPN Connection at a Time | This option is disabled by default. When enabled, once a user logs in to the portal, they cannot go to another system and log in with the same credentials again. |
| Tunnel Mode | When enabled, only traffic that matches the destination address in the respective policies will be routed through the tunnel. If a Routing Address is provided, it will take precedence over the policy destination addresses. |
| Routing Address | Select the IPv4 SSL VPN tunnel mode firewall address that overrides the firewall policy destination addresses to control split tunneling access. |
| Source IP Pools | Select an IP pool for users to acquire an IP address when connecting to the portal. |
| IPv6 Tunnel Mode | When enabled, only traffic that matches the destination address in the respective policies will be routed through the tunnel. If a Routing Address is provided, it will take precedence over the policy destination addresses. |
| Routing Address | Select the IPv6 SSL VPN tunnel mode firewall address that overrides the firewall policy destination addresses to control split tunneling access. |
| Source IPv6 Pools | Select an IP pool for users to acquire an IP address when connecting to the portal. |
| Tunnel Mode Client Options | The following options affect how FortiClient behaves when connected to the VPN tunnel. |
| Allow client to save password | When enabled and if the user selects this option, their password is stored on their computer and will automatically populate each time they connect to the VPN. |
| Allow client to connect automatically | When enabled and if the user selects this option, FortiClient will automatically attempt to connect to the VPN when it launches (such as after a reboot or system startup). |
| Allow client to keep connections alive | When enabled and if the user selects this option, FortiClient will try to reconnect once it detects that the VPN connection is unexpectedly down (not manually disconnected by the user). |
| DNS Split Tunneling | When enabled, the Split DNS table is visible, where new DNS entries can be created. See SSL VPN split DNS for more details. |
| Host Check | When enabled, the type of host checking performed on endpoints can be configured (see Configuring OS and host check). |
| Type | There are three options. Realtime AntiVirus: check for antivirus software recognized by the Windows Security Center. Firewall: check for firewall software recognized by the Windows Security Center. Enable both: check for antivirus and firewall software recognized by the Windows Security Center. |
| Restrict to Specific OS Versions | When enabled, access from certain operating systems can be denied, or those systems can be forced to check for an update. By default, all operating systems in the table are allowed (see Configuring OS and host check). |
| Enable Web Mode | Enable this option to configure the web portal settings. |
| Portal Message | Enter a message that appears at the top of the web portal screen (default = SSL-VPN Portal). |
| Theme | Select a color theme from the dropdown. |
| Show Session Information | Enable to display session information in the top banner of the web portal (username, amount of time logged in, and traffic statistics). |
| Show Connection Launcher | Enable to display the Quick Connection button. |
| Show Login History | Enable to display the user's login history (History). |
| User Bookmarks | Enable to allow users to add their own bookmarks (New Bookmark). |
| Predefined Bookmarks | Use the table to create and edit predefined bookmarks. See "To create a predefined administrator bookmark in FortiOS" for more details. |
| FortiClient Download | Enable this option to display the Download FortiClient button. |
| Download Method | Select either Direct or SSL-VPN Proxy as the method to download FortiClient. |
| Customize Download Location | Enable to configure a custom download location for Windows or Mac. |

- Click OK.
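
As an added example (not Fortinet's code and not part of the original page), the script below reviews the CLI form of several portal options described above against a baseline, using a pasted `config vpn ssl web portal` section as input. The comments map each CLI key to its GUI option; the portal names, the baseline values and the sample excerpt are assumptions constructed for illustration.

```python
import re

# Constructed excerpt in the style of `show full-configuration vpn ssl web portal`.
SAMPLE = """config vpn ssl web portal
    edit "staff-portal"
        set limit-user-logins disable
        set host-check none
        set save-password enable
        set auto-connect enable
        config bookmark-group
        end
    next
    edit "contractor-portal"
        set limit-user-logins enable
        set host-check av-fw
        set save-password disable
    next
end
"""

# Assumed example baseline (not a vendor recommendation): CLI key -> required value.
BASELINE = {
    "limit-user-logins": "enable",  # Limit Users to One SSL-VPN Connection at a Time
    "host-check": "av-fw",          # Host Check, Type = Enable both
    "save-password": "disable",     # Allow client to save password
    "auto-connect": "disable",      # Allow client to connect automatically
}

def parse_portals(text):
    """Return {portal: {key: value}} for the top-level settings of each portal."""
    portals, current, depth = {}, None, 0
    for line in map(str.strip, text.splitlines()):
        if line.startswith("config "):
            depth += 1                  # 1 = portal table, >1 = nested table (skipped)
        elif line == "end":
            depth -= 1
        elif depth == 1 and (m := re.fullmatch(r'edit "?([^"]+)"?', line)):
            current = portals.setdefault(m.group(1), {})
        elif depth == 1 and current is not None and (m := re.fullmatch(r"set (\S+) (.+)", line)):
            current[m.group(1)] = m.group(2).strip('"')
    return portals

def audit(text, baseline=BASELINE):
    """Return (portal, key, actual) per deviation; actual is None if the key is absent."""
    return sorted((name, key, cfg.get(key))
                  for name, cfg in parse_portals(text).items()
                  for key, want in baseline.items() if cfg.get(key) != want)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A key reported as `None` was not present in the pasted section, so its effective value should be confirmed on the device before treating it as a deviation.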