Fortinet firewall SSL VPN configuration

Follow these steps to configure SSL VPN on a Fortinet FortiGate firewall.

Create SSL VPN Group

User & Authentication > User Groups > Click on Create new
Give the group a name, select Firewall as the Type, then click on OK.

Enable Feature Visibility

System > Feature Visibility > enable SSL VPN > Click on Apply

Create SSL VPN Portal

VPN > SSL-VPN Portals > Select full-access > Click on Edit
You can retain the Source IP Pools as they are, or delete the existing object and create a new object with the IP range that you want. Once the new object is created, select it for the Source IP Pools.
Based on your requirements, enable or disable the Tunnel Mode Client Options, then click on OK.

SSL VPN Settings

Go to VPN > SSL-VPN Settings > Enable
Select the appropriate WAN interface for Listen on Interfaces, enter the customized port number for Listen on Port, and select Fortinet_Factory from the drop-down menu for the Server Certificate.
Under Authentication/Portal Mapping, select All Other Users/Groups, then click on the Edit option.
Select the SSL-VPN portal name that you created, then click on OK.
Go to VPN > SSL-VPN Settings > Under Authentication/Portal Mapping > Click on Create New
Once you click on Create New, a new window will open. Here, select the SSL-VPN group that you created earlier and the VPN portal that was created previously, then click on OK. Then click on Apply.
If you want, you can assign custom IP ranges under Tunnel Mode Client Settings; otherwise, skip this step.

Create Firewall Rule

Policy & Objects > Firewall Policy > click on Create New
Give the firewall rule an appropriate name and select always for Schedule from the drop-down menu. Select Accept for Action. For Incoming interface, select the SSL-VPN tunnel interface (ssl.root) from the drop-down menu, and select LAN (internal) for Outgoing interface.
Under Source and Destination, for the source, select the SSL-VPN group that you created earlier. Create an object for the LAN network and select it for the Destination. Select ALL for the Service.
Disable the NAT and click on OK.
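
To check a configuration backup against the choices made in the SSL VPN Settings and Create Firewall Rule steps, the following Python script (an added example, not part of the original wiki page) parses a FortiOS config excerpt and flags the factory server certificate, an SSL-VPN policy that allows service ALL, and an SSL-VPN policy with no user group. The sample config is constructed; the group name, policy ID and port are assumptions.

```python
import shlex

# Constructed excerpt of a FortiOS config backup; names, ID and port are assumptions.
SAMPLE = '''
config vpn ssl settings
    set servercert "Fortinet_Factory"
    set port 10443
    config authentication-rule
        edit 1
            set groups "SSLVPN-Users"
            set portal "full-access"
        next
    end
end
config firewall policy
    edit 5
        set srcintf "ssl.root"
        set groups "SSLVPN-Users"
        set service "ALL"
    next
end
'''

def parse(text):
    """Flatten nested config/edit blocks into {(path, key): [values]}."""
    path, out = [], {}
    for line in text.splitlines():
        tok = shlex.split(line) or [""]   # blank lines match no branch below
        if tok[0] in ("config", "edit"):
            path.append(" ".join(tok[1:]))
        elif tok[0] in ("next", "end") and path:
            path.pop()
        elif tok[0] == "set" and len(tok) > 1:
            out[(tuple(path), tok[1])] = tok[2:]
    return out

def audit(text):
    """Return findings for the SSL VPN settings this guide configures."""
    cfg, findings = parse(text), []
    if cfg.get((("vpn ssl settings",), "servercert")) == ["Fortinet_Factory"]:
        findings.append("factory-cert")   # default cert, triggers the client warning
    for (path, key), val in cfg.items():
        if path[:1] != ("firewall policy",) or key != "srcintf" or "ssl.root" not in val:
            continue
        if "ALL" in cfg.get((path, "service"), []):
            findings.append(f"policy-{path[1]}-service-all")  # all services to the LAN
        if (path, "groups") not in cfg:
            findings.append(f"policy-{path[1]}-no-group")     # not tied to the VPN group
    return findings
```

Calling `audit(SAMPLE)` returns the list of finding labels; an empty list means none of the three conditions was found.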

Create SSL VPN User

User & Authentication > User Definition > click on Create new
Select Local User as the User Type, and then click on Next.
Enter a username, assign an appropriate password, and then click on Next.
Select Enable for User Account Status, enable User Group and select the user group that you created. Then click on Submit.

Download FortiClient and Configuration

Download the FortiClient VPN app from the link below.
Link: https://www.fortinet.com/support/product-downloads#vpn
For Windows OS, select DOWNLOAD VPN for Windows.
Once the installer is downloaded, installation is straightforward: follow the on-screen instructions to install the FortiClient application.
Once the installation is completed, double-click on the FortiClient icon. In the window that opens, tick the acknowledgement check box, then click on I accept.
In the next window, click on Configure VPN.
Select SSL-VPN for VPN. You can use the company name as the Connection Name. For Remote Gateway, enter the static public IP that is configured on the firewall's WAN port, and enter the customized port that you configured. For Authentication, select Save login, enter the Username, then click on Save.
In the next window, enter the password and click on Connect.
A server certificate warning message will pop up. The warning appears because the gateway presents the Fortinet_Factory certificate selected under SSL VPN Settings, which the client does not trust by default. Here click on Yes.
Once you click on Yes, you will get an acknowledgement saying VPN Connected.


