Network Router User Manual
Table Of Contents
- Contents
- Introduction
- Configuring a FortiGate SSL VPN
- Comparison of SSL and IPSec VPN technology
- SSL VPN modes of operation
- Topology
- Configuration overview
- Configuring the SSL VPN client
- Configuring SSL VPN settings
- Enabling SSL VPN connections and editing SSL VPN settings
- Specifying a port number for web portal connections
- Specifying an IP address range for tunnel-mode clients
- Enabling strong authentication through security certificates
- Specifying the cipher suite for SSL negotiations
- Setting the idle timeout setting
- Setting the client authentication timeout setting
- Adding a custom caption to the web portal home page
- Adding WINS and DNS services for clients
- Redirecting a user group to a popup window
- Customizing the web portal login page
- Configuring user accounts and SSL VPN user groups
- Configuring firewall policies
- Configuring SSL VPN event-logging
- Monitoring active SSL VPN sessions
- Configuring SSL VPN bookmarks and bookmark groups
- SSL VPN host OS patch check
- Granting unique access permissions for SSL VPN tunnel user groups
- SSL VPN virtual interface (ssl.root)
- SSL VPN dropping connections
- Working with the web portal
- Index
Configuring a FortiGate SSL VPN Configuring SSL VPN settings
FortiOS v3.0 MR7 SSL VPN User Guide
01-30007-0348-20080718 35
Figure 5: Edit SSL VPN settings
Enable SSL VPN Select to enable SSL VPN connections.
Tunnel IP Range Specify the range of IP addresses reserved for tunnel-
mode SSL VPN clients. Type the starting and ending
address that defines the range of reserved IP
addresses. See Specifying an IP address range for
tunnel-mode clients.
Server Certificate Select the signed server certificate to use for
authentication purposes. If you leave the default setting
(Self-Signed), the FortiGate unit offers its factory
installed (self-signed) certificate from Fortinet to remote
clients when they connect. See Enabling strong
authentication through security certificates.
Require Client Certificate If you want to enable the use of group certificates for
authenticating remote clients, select the option.
Afterward, when the remote client initiates a connection,
the FortiGate unit prompts the client for its client-side
certificate as part of the authentication process.
Encryption Key Algorithm
See Specifying the cipher suite
for SSL negotiations.
Select the algorithm for creating a secure SSL
connection between the remote client web browser and
the FortiGate unit.
Default - RC4(128
bits) and higher
If the web browser on the remote client is capable of
matching a 128-bit or greater cipher suite, select this
option.
High - AES(128/256
bits) and 3DES
If the web browser on the remote client is capable of
matching a high level of SSL encryption, select this
option to enable cipher suites that use more than 128
bits to encrypt data.
Low - RC4(64 bits),
DES and higher
If you are not sure which level of SSL encryption the
remote client web browser supports, select this option to
enable a 64-bit or greater cipher suite.