Professional Documents
Culture Documents
In this example, you will allow remote users to access the corporate network using an SSL VPN,
connecting either by web mode using a web browser or tunnel mode using FortiClient.
https://cookbook.fortinet.com/ssl-vpn-using-web-tunnel-mode-60/ 1/8
30/11/2018 SSL VPN using web and tunnel mode - Fortinet Cookbook
Web mode allows users to access network resources, such as the the AdminPC used in this example.
For users connecting via tunnel mode, traf c to the Internet will also ow through the FortiGate, to
apply security scanning to this traf c. During the connecting phase, the FortiGate will also verify that
the remote user’s antivirus software is installed and up-to-date.
This recipe allows access for members of the Employee user group, created in the previous recipe,
Creating security pro les.
To edit the full-access SSL VPN portal, go to VPN > SSL-VPN Portals. The
full-access portal allows the use of tunnel mode and web mode.
Under Tunnel Mode, disable Enable Split Tunneling for both IPv4 and IPv6
traf c to ensure all Internet traf c will go through the FortiGate.
Under Enable Web Mode, create Prede ned Bookmarks for any internal
resources that the SSL VPN users need to access. In the example, the
bookmark allows the remote user RDP access to a computer on the internal
network.
To con gure the SSL VPN tunnel, go to VPN > SSL-VPN Settings.
Set Listen on Interface(s) to wan1. To avoid port con icts, set Listen on Port
to 10443. Set Restrict Access to Allow access from any host.
https://cookbook.fortinet.com/ssl-vpn-using-web-tunnel-mode-60/ 2/8
30/11/2018 SSL VPN using web and tunnel mode - Fortinet Cookbook
Under Tunnel Mode Client Settings, set IP Ranges to use the default IP range
SSLVPN_TUNNEL-ADDR1.
To add an address for the local network, go to Policy & Objects > Addresses.
Set Type to Subnet, Subnet/IP Range to the local subnet, and Interface to
lan.
Add a second security policy allowing SSL VPN access to the Internet.*
For this policy, set Incoming Interface to ssl.root and Outgoing Interface to
wan1. Select Source and set Address to all and User to the Employee user
group.
https://cookbook.fortinet.com/ssl-vpn-using-web-tunnel-mode-60/ 3/8
30/11/2018 SSL VPN using web and tunnel mode - Fortinet Cookbook
To verify that remote users are using up-to-date devices to connect to your network, you can
con gure a host check for both operating system (supported for Windows and Mac OS) and
software.
You can con gure an OS host check for speci c OS versions. This check includes the following
options: allow the device to connect, block the device, or check that the OS is up-to-date. The
default action for all OS versions is allow.
The software host can verify whether the device has Anti Virus software recognized by Windows
Security Center, rewall software recognized by Windows Security Center, both, or a custom
setting.
5. Results
The steps for connecting to the SSL VPN differ depending on whether you are using a web browser
or FortiClient.
Web browsers:
Using a supported Internet browser, connect to the SSL VPN web portal
using the remote gateway con gured in the SSL VPN settings (in the
example, https://172.25.176.62:10443)
After authenticating, you can access the SSL-VPN Portal . From this portal,
https://cookbook.fortinet.com/ssl-vpn-using-web-tunnel-mode-60/ 4/8
30/11/2018 SSL VPN using web and tunnel mode - Fortinet Cookbook
To view the list of users currently connected to the SSL VPN, go to Monitor >
SSL-VPN Monitor. The user is connected to the VPN.
FortiClient:
If you have not done so already, download FortiClient from www.forticlient.com.
Open the FortiClient Console and go to Remote Access. Add a new connection.
Set VPN Type to SSL VPN, set Remote Gateway to the IP of the listening
FortiGate interface (in the example, 172.25.176.62). Select Customize Port and
set it to 10443.
Select Add.
https://cookbook.fortinet.com/ssl-vpn-using-web-tunnel-mode-60/ 5/8
30/11/2018 SSL VPN using web and tunnel mode - Fortinet Cookbook
To view the list of users currently connected to the SSL VPN, go to Monitor >
SSL-VPN Monitor. The user is connected to the VPN.
Victoria Martin
Technical Writer at Fortinet
Victoria Martin works in Ottawa as part of the FortiOS technical documentation team. She
graduated with a Bachelor's degree from Mount Allison University, after which she
attended Humber College's book publishing program, followed by the more practical
technical writing program at Algonquin College. She does need glasses but also likes
wearing them, since glasses make you look smarter.
Yes No
LOG IN WITH
OR SIGN UP WITH DISQUS ?
Name
see more
△ ▽ • Reply • Share ›
✉ Subscribe d Add Disqus to your siteAdd DisqusAdd 🔒 Disqus' Privacy PolicyPrivacy PolicyPrivacy
CONTACT | DOCUMENTATION LIBRARY | CLI PORTAL | FUSE | VIDEOS | SUPPORT | CORPORATE | LEGAL
© 2018 Fortinet
https://cookbook.fortinet.com/ssl-vpn-using-web-tunnel-mode-60/ 8/8