User Guide

Configuring SSL-VPN

SSL-VPN portal configuration

To create or edit an SSL VPN portal:
  1. In Security > Network, select SSL-VPN Portals from the VPN dropdown menu.

  2. Click Create or select a configuration and click Edit.

  3. In the form, enter the following information:

    Settings

    Guidelines

    Name

    Enter a name for this SSL VPN portal. The value is a string with a maximum of 35 characters.

    Limit Users to One SSL-VPN Connection at a Time

    Enable or disable this limit.

    Allow User Access

    Select the protocols to allow.

    Tunnel Mode

    Enable or disable tunnel mode.

    Split tunneling

    Choose from the following options:

    • Disabled: All client traffic will be directed over the SSL VPN tunnel.

    • Enabled Based on Policy Destination: Only client traffic with a destination that matches the destination of the configured firewall policy will be directed over the SSL VPN tunnel.

    • Enabled for Trusted Destinations: Only client traffic that does not match explicitly trusted destinations will be directed over the SSL VPN tunnel.

    This field is only available when Tunnel Mode is enabled.

    Routing Address Override

    Select the destination network that will be routed through the tunnel.

    This field is only available when Split tunneling is enabled.

    Source IP Pools

    Select the source IP pools from which users acquire an IP address when connecting to the portal.

    This field is only available when Tunnel Mode is enabled.

    Web Mode

    Enable or disable the SSL VPN web portal.

    Portal Message

    Enter a message that appears at the top of the web portal screen. The default is SSL-VPN Portal.

    This field is only available when Web Mode is enabled.

    Theme

    Select the theme to use for the portal login page.

    This field is only available when Web Mode is enabled.

    Show Session Information

    Enable or disable display of session information in the top banner of the web portal.

    This field is only available when Web Mode is enabled.

    Show Connection Launcher

    Enable or disable display of the Quick Connection button.

    This field is only available when Web Mode is enabled.

    Show Login History

    Enable or disable display of the user's login history.

    This field is only available when Web Mode is enabled.

    User Bookmarks

    Enable or disable user bookmarks. If enabled, users can save their own bookmarks.

    This field is only available when Web Mode is enabled.

    Rewrite Content IP/UI/

    Enable or disable content rewriting for URIs containing IP-address/ui/.

    This field is only available when Web Mode is enabled.

    RDP/VNC clipboard

    Enable or disable support for RDP/VNC clipboard functionality.

    This field is only available when Web Mode is enabled.

    Predefined Bookmarks

    Define VPN portal bookmarks that will be visible to users. See Predefined bookmarks.

    This field is only available when Web Mode is enabled.

  4. Click Save.
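The three Split tunneling options above decide, per destination, whether a client's traffic crosses the tunnel or leaves the client directly, and a careless trusted-destination list can quietly move traffic out of the tunnel. The following added example (not Fortinet code; the class names, the `routing_addresses` and `trusted_destinations` fields that stand in for Routing Address Override and the trusted destinations, and all network values are this example's own assumptions) models those options and includes the review a practitioner would want before saving the portal.

```python
"""Split-tunnel routing decisions for an SSL VPN portal.

Added illustration, not Fortinet code: it models the portal form's
"Split tunneling" options (Disabled, Enabled Based on Policy Destination,
Enabled for Trusted Destinations) together with "Routing Address Override"
and decides, per client destination, whether traffic is sent over the
tunnel. All addresses below are constructed sample values.
"""
import ipaddress
from dataclasses import dataclass, field
from enum import Enum


class SplitTunnel(Enum):
    DISABLED = "disabled"                          # every destination is tunneled
    POLICY_DESTINATION = "policy-destination"      # only policy/override destinations
    TRUSTED_DESTINATIONS = "trusted-destinations"  # everything except trusted ones


@dataclass
class Portal:
    name: str
    tunnel_mode: bool
    split_tunnel: SplitTunnel
    # Routing Address Override / policy destinations: networks reached via the tunnel
    routing_addresses: list = field(default_factory=list)
    # Explicitly trusted destinations: networks that bypass the tunnel
    trusted_destinations: list = field(default_factory=list)

    def __post_init__(self):
        # strict=False accepts a host address with a prefix (e.g. 10.1.2.3/8) as a network
        self.routing_addresses = [ipaddress.ip_network(n, strict=False) for n in self.routing_addresses]
        self.trusted_destinations = [ipaddress.ip_network(n, strict=False) for n in self.trusted_destinations]


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def route_via_tunnel(portal, destination):
    """Return True when traffic to `destination` is sent over the SSL VPN tunnel."""
    if not portal.tunnel_mode:
        raise ValueError("split tunneling only applies when Tunnel Mode is enabled")
    dst = ipaddress.ip_address(destination)
    if portal.split_tunnel is SplitTunnel.DISABLED:
        return True
    if portal.split_tunnel is SplitTunnel.POLICY_DESTINATION:
        return _in_any(dst, portal.routing_addresses)
    # Trusted Destinations: tunnel everything that is not explicitly trusted
    return not _in_any(dst, portal.trusted_destinations)


def classify(portal, destinations):
    """Map each destination to 'tunnel' or 'direct' to review what leaves the tunnel."""
    return {d: ("tunnel" if route_via_tunnel(portal, d) else "direct") for d in destinations}


def audit_split_tunnel(portal):
    """Flag split-tunnel settings that widen the client's direct (untunneled) exposure.

    The checks are this example's own judgement, not a Fortinet recommendation.
    """
    findings = []
    if portal.split_tunnel is SplitTunnel.TRUSTED_DESTINATIONS:
        for net in portal.trusted_destinations:
            if net.prefixlen == 0:
                findings.append(f"trusted destination {net} bypasses the tunnel for all traffic")
            for routed in portal.routing_addresses:
                if net.overlaps(routed):
                    findings.append(f"trusted {net} overlaps routed {routed}: that traffic goes direct")
    if portal.split_tunnel is SplitTunnel.POLICY_DESTINATION and not portal.routing_addresses:
        findings.append("policy-destination split tunnel with no routed networks: nothing is tunneled")
    return findings


if __name__ == "__main__":
    corp = Portal("corp-portal", True, SplitTunnel.POLICY_DESTINATION, routing_addresses=["10.0.0.0/8"])
    print(classify(corp, ["10.1.2.3", "8.8.8.8"]))
    loose = Portal("loose", True, SplitTunnel.TRUSTED_DESTINATIONS,
                   routing_addresses=["10.0.0.0/8"], trusted_destinations=["0.0.0.0/0"])
    print(audit_split_tunnel(loose))
```

The inverse logic of the two enabled modes is the point worth internalising: with Enabled Based on Policy Destination an empty routed list tunnels nothing, while with Enabled for Trusted Destinations an over-broad trusted entry such as 0.0.0.0/0 sends everything direct, so the audit treats both as findings.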

Predefined bookmarks

To configure a predefined bookmark:
  1. In Predefined Bookmarks, click Create or select an existing bookmark and click Edit.

  2. In the form, enter the following information:

    Settings

    Guidelines

    Name

    Enter a display name for this bookmark.

    Type

    Select the protocol type from the following:

    • FTP

    • HTTP/HTTPS

    • RDP

    • SFTP

    • SMB

    • SSH

    • TELNET

    • VNC

    URL

    Enter the bookmark URL.

    This field is only available when Type is set to HTTP/HTTPS.

    Folder

    Enter the bookmark destination folder.

    This field is only available when Type is set to FTP, SFTP, or SMB.

    Host

    Enter the bookmark host.

    This field is only available when Type is set to RDP, SSH, TELNET, or VNC.

    Port

    Enter the destination port.

    This field is only available when Type is set to RDP or VNC.

    Description

    Optionally, enter a description for this bookmark.

    Single Sign-On

    Select the type of single sign-on to use for this bookmark. The following options are available:

    • Disabled: Disable Single sign-on.

    • SSL-VPN Login: Use the SSL-VPN single sign-on.

    • Alternative: Specify alternative login credentials.

      This option is only available when Type is set to FTP, HTTP/HTTPS, SFTP, or SMB.

    This field is only available when Type is set to FTP, HTTP/HTTPS, RDP, SFTP, or SMB.

    SSO Username

    Specify the SSO username.

    This field is only available when Single Sign-On is set to Alternative and Type is set to FTP, HTTP/HTTPS, SFTP, or SMB.

    SSO Password

    Specify the SSO password.

    This field is only available when Single Sign-On is set to Alternative and Type is set to FTP, HTTP/HTTPS, SFTP, or SMB.

    Username

    Enter the username.

    This field is only available when Type is RDP.

    Password

    Enter the password.

    This field is only available when Type is set to RDP or VNC. In the case of RDP, this field is only available when Single Sign-On is Disabled.

    SSO form data

    Configure additional sign-on form fields.

    This field is only available when Type is set to HTTP/HTTPS and Single Sign-On is set to SSL-VPN Login or Alternative.

    Color Depth

    Select the color depth.

    This field is only available when Type is RDP.

    Screen Width

    Specify the screen width.

    This field is only available when Type is RDP.

    Screen Height

    Specify the screen height.

    This field is only available when Type is RDP.

    Keyboard Layout

    Select the keyboard layout from the available options.

    This field is only available when Type is RDP.

    Security

    Select the security type from the available options.

    This field is only available when Type is RDP.

  3. Click Save.

SSL-VPN settings

To edit SSL VPN settings:
  1. In Security > Network, select SSL-VPN Settings from the VPN dropdown menu.

  2. In the form, enter the following information:

    Settings

    Guidelines

    Enable SSL-VPN

    Enable or disable SSL VPN.

    Listen on Interface(s)

    Select the interfaces to listen on for SSL VPN connections.

    Listen on Port

    Enter the port to listen on for SSL VPN connections.

    Server Certificate

    Select the server certificate.

    Redirect HTTP to SSL-VPN

    Enable or disable redirect of HTTP traffic to the SSL VPN tunnel.

    Restrict Access

    Select the access restriction from the following options:

    • Allow access from any host: Access is not restricted by host.

    • Limit access to specific hosts: Restrict access to the hosts specified in Hosts.

    Idle Logout

    Enable or disable logout of users after a period of inactivity, then enter the time, in seconds, in Inactive For.

    Require Client Certificate

    Enable to require an additional check of the client certificate.

    Address Range

    Specify the address range to assign to clients. Choose from the following options:

    • Automatically assign addresses: Allow the system to automatically assign IP addresses to connected clients.

    • Specify custom IP ranges: Select IP ranges in IP Ranges.

    DNS Server

    Select Same as client system DNS, or select Specify and then enter the DNS servers in DNS Server #1 and DNS Server #2.

    Specify WINS Servers

    Enable or disable specifying WINS servers, then enter the WINS servers in WINS Server #1 and WINS Server #2.

    Language

    Specify the language to use for the web portal in web mode. Choose from the following options:

    • Browser preference: Allow the user's browser to specify the language.

    • System: The web portal uses the same language as the system language.

    Authentication/Portal Mapping

    Add or edit mappings between Users/Groups and a Portal.

  3. Click Save.
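Restrict Access, Require Client Certificate, Address Range and Idle Logout together decide who can reach the listener, what address a client receives and how long an abandoned session stays alive. The following added example (not Fortinet code; the `SslVpnSettings` class, its field names and all hosts, ranges and timestamps are this example's constructed assumptions) evaluates those settings for a connection attempt and includes a hardening review of the settings object.

```python
"""Admission, address assignment and idle-logout checks for SSL VPN settings.

Added illustration, not Fortinet code: it models the "Restrict Access",
"Address Range", "Idle Logout" and "Require Client Certificate" settings
of the form and evaluates them for a connection attempt. Hosts, ranges
and timestamps are constructed sample values.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class SslVpnSettings:
    enabled: bool = True
    listen_port: int = 443
    # None models "Allow access from any host"; a list models "Limit access to specific hosts"
    allowed_hosts: list = None
    require_client_cert: bool = False
    # None models Idle Logout disabled; otherwise the "Inactive For" value in seconds
    idle_logout_seconds: int = None
    # "Specify custom IP ranges": client addresses are taken from these ranges in order
    ip_ranges: list = field(default_factory=list)

    def __post_init__(self):
        if self.allowed_hosts is not None:
            self.allowed_hosts = [ipaddress.ip_network(h, strict=False) for h in self.allowed_hosts]
        self.ip_ranges = [ipaddress.ip_network(r, strict=False) for r in self.ip_ranges]


def admit(settings, client_ip, presented_client_cert):
    """Return (admitted, reason) for a connection attempt, evaluated before user login."""
    if not settings.enabled:
        return False, "ssl-vpn disabled"
    src = ipaddress.ip_address(client_ip)
    if settings.allowed_hosts is not None and not any(src in h for h in settings.allowed_hosts):
        return False, f"{src} not in allowed hosts"
    if settings.require_client_cert and not presented_client_cert:
        return False, "client certificate required"
    return True, "ok"


def assign_address(settings, in_use):
    """Pick the first free host address from the configured ranges; None when exhausted."""
    for rng in settings.ip_ranges:
        for host in rng.hosts():
            if str(host) not in in_use:
                return str(host)
    return None


def idle_expired(settings, last_activity, now):
    """True when Idle Logout is enabled and the session has been inactive longer than Inactive For."""
    if settings.idle_logout_seconds is None:
        return False
    return (now - last_activity) > settings.idle_logout_seconds


def review(settings):
    """Hardening findings for a settings object (this example's own judgement, not a Fortinet recommendation)."""
    findings = []
    if settings.allowed_hosts is None:
        findings.append("Restrict Access allows any host: listener is reachable from everywhere")
    if settings.idle_logout_seconds is None:
        findings.append("Idle Logout disabled: abandoned sessions stay authenticated")
    if not settings.require_client_cert:
        findings.append("Require Client Certificate off: password-only access")
    return findings


if __name__ == "__main__":
    cfg = SslVpnSettings(allowed_hosts=["203.0.113.0/24"], require_client_cert=True,
                         idle_logout_seconds=300, ip_ranges=["10.10.10.0/29"])
    print(admit(cfg, "203.0.113.7", presented_client_cert=True))
    print(assign_address(cfg, {"10.10.10.1", "10.10.10.2"}))
    print(review(SslVpnSettings()))
```

The admission checks run in the order a practitioner would expect them to fail cheaply: the host restriction rejects a source before any TLS client-certificate check is consulted, and both are decided before the user ever reaches the Authentication/Portal Mapping step.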
