
Administration Guide

Create or edit an SSL-VPN portal


Select Create New to open the New SSL-VPN Portal page.

Select an SSL-VPN portal from the list and then click Edit to open the Edit SSL-VPN Portal page.

Configure the following settings in the New SSL-VPN Portal page or Edit SSL-VPN Portal page and then click OK:

Name

The name for the portal. After you create the SSL-VPN portal, the name cannot be changed.

Limit Users to One SSL-VPN Connection at a Time

You can limit each user to one concurrent SSL-VPN tunnel session. That is, after logging in to the portal, the user cannot go to another system and log in with the same credentials again. This option is disabled by default.

Tunnel Mode

Enable to determine how tunnel-mode clients are assigned IPv4 addresses.

Enable Split Tunneling

If you want to use split tunneling, select Enabled Based on Policy Destination or Enabled for Trusted Destinations.

Routing Address Override

If you enable split tunneling, you are required to set the routing address, which is the address that your corporate network is using. Traffic intended for the routing address is not split from the tunnel.

Source IP Pools

Select an IP pool for users to acquire an IP address when connecting to the portal. There is always a default pool available if you do not create your own.

IPv6 Tunnel Mode

Move the slider to determine how tunnel-mode clients are assigned IPv6 addresses.

Enable IPv6 Split Tunneling

Select Disabled, Enabled Based on Policy Destination, or Enabled for Trusted Destinations.

IPv6 Routing Address Override

If you enable split tunneling, you are required to set the IPv6 routing address, which is the address that your corporate network is using. Traffic intended for the routing address is not split from the tunnel.

Source IPv6 Pools

Select an IPv6 pool for users to acquire an IP address when connecting to the portal. There is always a default pool available if you do not create your own.

Allow client to save password

When enabled, if the user selects this option, their password is stored on the user’s computer and will automatically populate each time they connect to the VPN.

Allow client to connect automatically

When enabled, if the user selects this option, when the FortiClient application is launched, for example after a reboot or system startup, FortiClient will automatically attempt to connect to the VPN tunnel.

Allow client to keep connections alive

When enabled, if the user selects this option, FortiClient tries to reconnect when it detects that the VPN connection has gone down unexpectedly (not manually disconnected by the user).

DNS Split Tunneling

Enable and then create or edit the DNS entry. See Create or edit a DNS entry.

Host Check

Enable and then select Realtime AntiVirus, Firewall, or Enable both.

Restrict to Specific OS Versions

Enable or disable.

Enable Web Mode

Enable for web-mode access.

Portal Message

This is a text header that appears on the top of the web portal.

Theme

Select a color styling specifically for the web portal.

Show Session Information

The Show Session Information widget displays the login name of the user, the amount of time the user has been logged in and the inbound and outbound traffic statistics.

Show Connection Launcher

Displays the Connection Launcher widget in the web portal.

Show Login History

Select to include user login history on the web portal.

User Bookmarks

Enable to allow users to add their own bookmarks in the web portal.

Rewrite Content IP/UI/

Enable or disable whether the content can be rewritten.

RDP/VNC clipboard

Enable or disable the RDP/VNC clipboard.

Create New

Create a bookmark. See Create or edit a bookmark.

Edit

Edit a selected bookmark. See Create or edit a bookmark.

Delete

Delete a selected bookmark.

Search

Enter a search term to find in the list.

Enable FortiClient Download

Enable to allow users to customize the download URL for FortiClient.

Download Method

If you enable FortiClient download, select whether FortiClient will directly download or use SSL-VPN proxy.

Customize Download Location

Enable to change the download location.

Windows

Enable to specify the Windows download location.

Mac

Enable to specify the Mac download location.

Disable the clipboard in SSL-VPN web-mode RDP connections

In web portal profiles, the clipboard can be disabled for SSL VPN web-mode RDP/VNC connections. Users will not be able to copy and paste content to or from the internal server.

To disable the RDP/VNC clipboard in the GUI:
  1. Go to VPN > SSL-VPN Portals.

  2. Select a portal and click Edit.

  3. Disable RDP/VNC clipboard.

  4. Click OK.

To disable the RDP/VNC clipboard in the CLI:
config vpn ssl web portal
    edit <portal_name>
        set clipboard disable
    next
end
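
To confirm the setting across every portal, the following added example (not Fortinet code) scans a saved configuration file and lists the portals that do not carry an explicit `set clipboard disable`. It assumes the backup uses the same config/edit/next/end layout as the CLI commands above; the sample configuration and the portal names in it are constructed, and the function name is hypothetical.

```python
import shlex

# Constructed sample backup excerpt (not taken from a real device).
SAMPLE_CONFIG = '''\
config vpn ssl web portal
    edit "full-access"
        set web-mode enable
        config bookmark-group
            edit "gui-bookmarks"
            next
        end
    next
    edit "contractors"
        set web-mode enable
        set clipboard disable
    next
end
'''

def portals_without_clipboard_disabled(config_text):
    """Return names of portals lacking an explicit 'set clipboard disable'."""
    in_section = False   # inside 'config vpn ssl web portal'
    depth = 0            # nesting of sub-tables below a portal entry
    portal = None
    clipboard = {}       # portal name -> clipboard value seen (or None)
    for raw in config_text.splitlines():
        try:
            tokens = shlex.split(raw)
        except ValueError:           # unbalanced quote: fall back to a plain split
            tokens = raw.split()
        if not tokens:
            continue
        if not in_section:
            in_section = tokens == ["config", "vpn", "ssl", "web", "portal"]
        elif tokens[0] == "config":
            depth += 1               # e.g. a bookmark table inside the portal
        elif tokens[0] == "end":
            if depth == 0:
                break                # end of the portal table
            depth -= 1
        elif depth == 0 and tokens[0] == "edit" and len(tokens) > 1:
            portal = tokens[1]
            clipboard[portal] = None
        elif depth == 0 and tokens[0] == "next":
            portal = None
        elif depth == 0 and portal and tokens[:2] == ["set", "clipboard"]:
            clipboard[portal] = tokens[2] if len(tokens) > 2 else None
    return [name for name, value in clipboard.items() if value != "disable"]
```

A portal with no clipboard line at all is reported as well, because the check makes no assumption about the default value.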
