
Providing Remote Users With Protected Access To A Corporate Network and Internet Using SSL VPN

This document outlines the steps to set up remote SSL VPN access for users to connect to a corporate network and access the internet through a FortiGate unit. The six steps are: 1) Create an SSL VPN tunnel, 2) Create user definitions and add them to a group, 3) Add an address for the local network, 4) Add security profiles for access to the internet and internal network, 5) Set the FortiGate to verify users have up-to-date antivirus software, 6) Test the remote access by logging in as a user and verifying the VPN connection and traffic logs.

Uploaded by

PauloCuato

1. Create an SSL VPN tunnel for remote users
2. Create user definitions and add them to a group
3. Add an address for the local network
4. Add security profiles for access to the Internet and internal network
5. Set the FortiGate unit to verify users have current antivirus software
6. Results
Providing remote users with protected access to a corporate network and Internet using SSL VPN
This example sets up remote users to connect to the corporate network using SSL VPN, and to use the FortiGate UTM for surfing the Internet. During the connecting phase, the FortiGate unit will also verify that the remote user's antivirus software is installed and current.
[Figure: network diagram. Labels: Remote sslvpn user, Internet, FortiGate (WAN 1: 172.20.120.123; Port 1: 192.168.1.99/24), sslroot browsing, Internal Network, Windows Server 192.168.1.114.]
Step One: Create an SSL VPN tunnel for remote users
Go to VPN > SSL > Portal.
Edit the full-access portal.
Make sure Enable Split Tunneling is not enabled, so that all Internet traffic goes through the FortiGate unit and is subject to the corporate UTM profiles.
The full-access portal allows the use of tunnel mode and/or web mode. In this scenario we are using both modes.
Select Create New in the Include Bookmarks area to add a bookmark for a remote desktop link/connection.
Step Two: Create user definitions and add them to a group
Go to User & Device > User > User Definition.
Add a remote user.
Go to User & Device > User > User Group.
Add the user to a user group for SSL VPN connections.
Step Three: Add an address for the local network
Go to Firewall Objects > Address > Address.
Add the address for the local network.
Step Four: Add security profiles for access to the Internet and internal network
Go to Policy > Policy > Policy.
Add a security policy allowing access to the internal network.
Add a security policy allowing access to the Internet.
For this policy, the Incoming Interface is the sslvpn tunnel interface and the Outgoing Interface is wan1. This way, the remote SSL VPN users access the Internet through the FortiGate unit.
Step Five: Set the FortiGate unit to verify users have current antivirus software
Go to System > Status > Dashboard.
In the CLI Console widget, enter the commands on the right to enable the host check for compliant antivirus software on the remote user's computer.
Results
Log in to the portal as twhite.
The FortiGate unit performs the host check.
After the check is complete, the portal appears.
Select the bookmark Remote Desktop link to begin an RDP session.
Go to VPN > Monitor > SSL-VPN to verify the list of SSL users. The Web Application description indicates that the user is using web mode.
Go to Log & Report > Traffic Log > Forward Traffic and view the details for the SSL entry.
In the Tunnel Mode widget, select Connect to enable the tunnel.
Select the bookmark Remote Desktop link to begin an RDP session.
Go to VPN > Monitor > SSL-VPN to verify the list of SSL users.
The Tunnel description indicates that the user is using tunnel mode.
Go to Log & Report > Traffic Log > Forward Traffic.
Internet access occurs simultaneously through the FortiGate unit.
Select an entry to see more information.
Go to Log & Report > Traffic Log > Forward Traffic and view the details for the SSL entry.
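
One way to confirm, from a saved configuration, the two settings this recipe depends on: split tunneling off (Step One) and the antivirus host check (Step Five). This is an added example, not part of the original recipe or Fortinet's tooling; the sample configuration is constructed, and the option names `split-tunneling` and `host-check` and their nesting are assumptions to check against the FortiOS version in use.

```python
# Added example: audit SSL VPN portal settings in FortiGate-style config text.
# SAMPLE_CONFIG is constructed for illustration, not taken from a real device;
# where each option sits in the portal block is an assumption (version-dependent).
SAMPLE_CONFIG = """\
config vpn ssl web portal
    edit "full-access"
        set host-check av
        config widget
            edit 4
                set split-tunneling disable
            next
        end
    next
    edit "contractors"
        set split-tunneling enable
    next
end
"""


def portal_settings(config_text):
    # Returns {portal: {option: value}}; 'set' lines at any depth below a
    # portal's 'edit' are collected, so nested sub-blocks are flattened.
    portals, depth, current, in_table = {}, 0, None, False
    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "config":
            if depth == 0:
                in_table = words[1:] == ["vpn", "ssl", "web", "portal"]
            depth += 1
        elif words[0] == "end":
            depth -= 1
            in_table = in_table and depth > 0
        elif in_table and depth == 1 and words[0] == "edit":
            current = words[1].strip('"')
            portals[current] = {}
        elif in_table and depth == 1 and words[0] == "next":
            current = None
        elif in_table and current and words[0] == "set" and len(words) >= 3:
            portals[current][words[1]] = " ".join(words[2:]).strip('"')
    return portals


def audit(config_text):
    # A missing option is reported (value None) for review, never assumed safe.
    wanted = {"split-tunneling": ("disable",), "host-check": ("av", "av-fw")}
    return [(name, opt, opts.get(opt))
            for name, opts in portal_settings(config_text).items()
            for opt, ok in wanted.items() if opts.get(opt) not in ok]
```

Calling `audit(SAMPLE_CONFIG)` returns one tuple per portal and option that deviates from the recipe, so an empty list means every portal forces all traffic through the FortiGate unit and requires the antivirus host check.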
