Difference between revisions of "Fortinet firewall SSL VPN configuration"

From Notes_Wiki
 
Latest revision as of 08:15, 22 May 2025


Steps to configure SSL VPN on a Fortinet FortiGate firewall

Create SSL VPN Group

  • To create the SSL VPN Group, go through the following steps:
  1. User & Authentication > User Groups > Click on Create new
  2. Enter the group name, select Firewall as the Type, then click OK

Enable Feature Visibility

  • To enable the Feature Visibility, go through the following steps:
  1. System > Feature Visibility > enable SSL VPN > Click on Apply

Create SSL VPN Portal

  • To create the SSL VPN Portal, go through the following steps:
  1. VPN > SSL-VPN Portals > Select full-access > Click on Edit
  2. You can keep the existing Source IP Pools object, or delete it and create a new object with the IP range that you want. If you create a new object, select it under Source IP Pools.
  3. Enable or disable the Tunnel Mode Client Options as required, then click OK.

SSL VPN Settings

  • For SSL VPN Settings, go through the following steps:
  1. Go to VPN > SSL-VPN Settings > Enable
  2. Select the appropriate WAN interface for Listen on Interfaces, enter the customized port number for Listen on Port, and select Fortinet_Factory from the drop-down menu for Server Certificate.
  3. Under Authentication/Portal Mapping, select All Other Users/Groups, then click Edit.
  4. Select the SSL-VPN portal that you created, then click OK.
  5. Go to VPN > SSL-VPN Settings > under Authentication/Portal Mapping > click Create New.
  6. A new window opens. Select the SSL-VPN group and the VPN portal that you created earlier, click OK, then click Apply.
  7. Optionally, assign custom IP ranges under Tunnel Mode Client Settings; otherwise skip this step.

Create Firewall Rule

  • To create the Firewall Rule, go through the following steps:
  1. Policy & Objects > Firewall Policy > click on Create New
  2. Give the rule an appropriate name and select always for Schedule from the drop-down menu. Select Accept for Action. For Incoming Interface, select the SSL-VPN tunnel interface (ssl.root) from the drop-down menu, and select LAN (internal) for Outgoing Interface.
  3. Under Source and Destination, for the source subnet, select the SSL-VPN group that you created earlier. Create an address object for the LAN network and select it as the Destination. Select ALL for Service.
  4. Disable NAT and click OK.

Create SSL VPN User

  • To create the SSL VPN User, go through the following steps:
  1. User & Authentication > User Definition > click on Create new
  2. Select Local User as the User Type, then click Next.
  3. Enter the Username, assign an appropriate password, then click Next.
  4. Select Enable for User Account Status, enable User Group and select the user group that you created, then click Submit.

Download FortiClient and its Configuration

  • To download the FortiClient App and for its Configuration, go through the following steps:
  1. Download the FortiClient VPN app from https://www.fortinet.com/support/product-downloads#vpn
  2. For Windows, click DOWNLOAD VPN for Windows.
  3. Once the installer is downloaded, installation is straightforward: follow the on-screen instructions to install the FortiClient application.
  4. Once the installation is complete, double-click the FortiClient icon. In the window that opens, tick the acknowledgement check box, then click I accept.
  5. In the next window, click Configure VPN.
  6. Select SSL-VPN for VPN. For Connection Name, you can use the company name. For Remote Gateway, enter the static public IP configured on the firewall's WAN port, and enter the customized port that you configured. For Authentication, select Save login, enter the Username, then click Save.
  7. In the next window, enter the password and click Connect.
  8. A warning message about the server certificate will pop up. Click Yes.
  9. You will see a confirmation that says VPN Connected.
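
An added example, not part of the original wiki page: a small Python check that parses a FortiGate configuration backup and flags two choices made in the steps above, the Fortinet_Factory server certificate (which is why FortiClient shows the certificate warning in step 8) and the ALL service on the policy from the SSL-VPN tunnel interface. The sample configuration is constructed for the example; 10443, SSLVPN_Users and LAN_subnet are assumed names.

```python
import shlex

# Constructed sample: CLI form of the GUI choices made in the steps above.
SAMPLE_CONFIG = '''
config vpn ssl settings
    set servercert "Fortinet_Factory"
    set port 10443
end
config firewall policy
    edit 1
        set name "SSLVPN-to-LAN"
        set srcintf "ssl.root"
        set dstintf "internal"
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set dstaddr "LAN_subnet"
        set groups "SSLVPN_Users"
        set action accept
        set service "ALL"
    next
end
'''

def parse(text):
    """Map each 'config' section path to its list of {key: [values]} entries."""
    sections, path, entries = {}, [], []
    for line in text.splitlines():
        tok = shlex.split(line) or [""]   # blank lines match no keyword
        if tok[0] == "config":            # open a section (possibly nested)
            path.append(" ".join(tok[1:]))
            entries.append({})
            sections.setdefault("/".join(path), []).append(entries[-1])
        elif tok[0] == "edit" and path:   # new table row inside the section
            entries[-1] = {"edit": tok[1:]}
            sections["/".join(path)].append(entries[-1])
        elif tok[0] == "set" and entries and len(tok) > 1:
            entries[-1][tok[1]] = tok[2:]
        elif tok[0] == "end" and path:    # close the innermost section
            path.pop(); entries.pop()
    return sections

def audit(text):
    """Return (finding, detail) pairs for the two settings worth revisiting."""
    cfg, findings = parse(text), []
    for s in cfg.get("vpn ssl settings", []):
        if s.get("servercert") == ["Fortinet_Factory"]:
            findings.append(("factory-server-cert", "vpn ssl settings"))
    for p in cfg.get("firewall policy", []):
        if "ssl.root" in p.get("srcintf", []) and "ALL" in p.get("service", []):
            findings.append(("vpn-policy-service-all", p.get("name", ["?"])[0]))
    return findings
```

Run `audit()` on the text of a configuration backup; an empty list means the VPN presents a certificate other than the factory default and no policy from the tunnel interface allows every service.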



