User Guide

Configuring SSL VPN

To create or edit an SSL VPN portal:
  1. In Security > Network, select SSL-VPN Portals from the VPN dropdown menu.

  2. Click Create or select a configuration and click Edit.

  3. In the form, enter the following information:

    Settings

    Guidelines

    Name

    Enter a name for this SSL VPN portal. The value is a string with a maximum of 35 characters.

    Limit Users to One SSL-VPN Connection at a Time

    Enable or disable this limit.

    Tunnel Mode

    Enable or disable tunnel mode.

    Split tunneling

    Choose from the following options:

    • Disabled: All client traffic will be directed over the SSL VPN tunnel.

    • Enabled Based on Policy Destination: Only client traffic with a destination that matches the destination of the configured firewall policy will be directed over the SSL VPN tunnel.

    • Enabled for Trusted Destinations: Only client traffic that does not match explicitly trusted destinations will be directed over the SSL VPN tunnel.

    This field is only available when Tunnel Mode is enabled.

    Routing Address Override

    Select the destination network that will be routed through the tunnel.

    This field is only available when Split tunneling is enabled.

    Source IP Pools

    Select the source IP pools from which users acquire an IP address when connecting to the portal.

    This field is only available when Tunnel Mode is enabled.

    Web Mode

    Enable or disable the SSL VPN web portal.

    Portal Message

    Enter a message that appears at the top of the web portal screen. The default is SSL-VPN Portal.

    This field is only available when Web Mode is enabled.

    Theme

    Select the theme to use for the portal login page.

    This field is only available when Web Mode is enabled.

    Show Session Information

    Enable or disable display of session information in the top banner of the web portal.

    This field is only available when Web Mode is enabled.

    Show Connection Launcher

    Enable or disable display of the Quick Connection button.

    This field is only available when Web Mode is enabled.

    Show Login History

    Enable or disable display of the user's login history.

    This field is only available when Web Mode is enabled.

    User Bookmarks

    Enable or disable user bookmarks. If enabled, users can save their own bookmarks.

    This field is only available when Web Mode is enabled.

    Rewrite Content IP/UI/

    Enable or disable content rewriting for URIs containing IP-address/ui/.

    This field is only available when Web Mode is enabled.

    RDP/VNC clipboard

    Enable or disable support for RDP/VNC clipboard functionality.

    This field is only available when Web Mode is enabled.

  4. Click Save.

To edit SSL VPN settings:
  1. In Security > Network, select SSL-VPN Settings from the VPN dropdown menu.

  2. In the form, enter the following information:

    Settings

    Guidelines

    Enable SSL-VPN

    Enable or disable SSL VPN.

    Listen on Interface(s)

    Select the interfaces to listen on for SSL VPN connections.

    Listen on Port

    Enter the port to listen on for SSL VPN connections.

    Server Certificate

    Select the server certificate.

    Redirect HTTP to SSL-VPN

    Enable or disable redirect of HTTP traffic to the SSL VPN tunnel.

    Restrict Access

    Select the access restriction from the following options:

    • Allow access from any host: Access is not restricted by host.

    • Limit access to specific hosts: Restrict access to the hosts specified in Hosts.

    Idle Logout

    Enable or disable logout of users after a period of inactivity, then enter the time, in seconds, in Inactive For.

    Require Client Certificate

    Enable to require an additional check of the client certificate.

    Address Range

    Specify the address range to assign to clients. Choose from the following options:

    • Automatically assign addresses: Allow the system to automatically assign IP addresses to connected clients.

    • Specify custom IP ranges: Select IP ranges in IP Ranges.

    DNS Server

    Select Same as client system DNS, or select Specify and then enter the DNS servers in DNS Server #1 and DNS Server #2.

    Specify WINS Servers

    Enable or disable specifying WINS servers, then enter the WINS servers in WINS Server #1 and WINS Server #2.

    Language

    Specify the language to use for the web portal in web mode. Choose from the following options:

    • Browser preference: Allow the user's browser to specify the language.

    • System: The web portal uses the same language as the system language.

    Authentication/Portal Mapping

    Add or edit mappings between Users/Groups and a Portal.

  3. Click Save.
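
An added example, not part of the original guide or of Fortinet's tooling: a small Python check that applies the field dependencies stated in the two forms above (which fields apply only when Tunnel Mode, Web Mode or Split tunneling is enabled) and lists the access-related settings to review before clicking Save. The dict layout, function names and sample values are assumptions; only the keys are the form labels from this page.

```python
# Keys are the form labels from this page; the dict layout is an assumption.
WEB_ONLY = ["Portal Message", "Theme", "Show Session Information",
            "Show Connection Launcher", "Show Login History",
            "User Bookmarks", "Rewrite Content IP/UI/", "RDP/VNC clipboard"]
# Field -> toggle that must be enabled for the field to be available.
REQUIRES = {field: "Web Mode" for field in WEB_ONLY}
REQUIRES.update({"Split tunneling": "Tunnel Mode",
                 "Source IP Pools": "Tunnel Mode"})

def review_portal(portal):
    """Return review notes for one SSL-VPN Portals form (hypothetical dict)."""
    notes = []
    for field, toggle in REQUIRES.items():
        if field in portal and not portal.get(toggle, False):
            notes.append(f"{field}: set, but {toggle} is disabled")
    split = portal.get("Split tunneling", "Disabled")
    if "Routing Address Override" in portal and split == "Disabled":
        notes.append("Routing Address Override: set, but Split tunneling is disabled")
    if portal.get("Tunnel Mode", False) and split != "Disabled":
        notes.append(f"Split tunneling: '{split}' leaves some client traffic outside the tunnel")
    if not portal.get("Limit Users to One SSL-VPN Connection at a Time", False):
        notes.append("Concurrent connections per user are not limited")
    return notes

def review_settings(settings):
    """Return review notes for the SSL-VPN Settings form (hypothetical dict)."""
    notes = []
    if settings.get("Restrict Access") == "Allow access from any host":
        notes.append("Restrict Access: access is not restricted by host")
    if not settings.get("Require Client Certificate", False):
        notes.append("Require Client Certificate: disabled")
    if not settings.get("Idle Logout", False):
        notes.append("Idle Logout: disabled, inactive users are not logged out")
    return notes

# Constructed sample values, not taken from a real device.
SAMPLE_PORTAL = {"Name": "staff-portal", "Tunnel Mode": True,
                 "Split tunneling": "Enabled Based on Policy Destination",
                 "Web Mode": False, "User Bookmarks": True}
SAMPLE_SETTINGS = {"Restrict Access": "Allow access from any host",
                   "Idle Logout": True, "Require Client Certificate": False}

if __name__ == "__main__":
    for note in review_portal(SAMPLE_PORTAL) + review_settings(SAMPLE_SETTINGS):
        print(note)
```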
