Quick Contact

How to configure SSL VPN in fortigate V4

How to configure SSL VPN in fortigate V4

Access for permitted remote networks and all other services passing the regular default gateway
1. Create user group and users:\
Go to: User > User > User (create new)
Enter User name and password

Go to: User > User group > User group (create new)
Enter group name
Type: mark Firewall
Mark Allow SSL-VPN access
Choose tunnel-access
Tal 11
Move users to Members of group
Tal 111
2. Addresses
Use default IP addresses pool for SSL VPN users or create new one
Create new address object for network that should be reachable via SSL VPN
Go to: Firewall Objects > Addresses > Addresses (create new)
Add address name
Type should be Subnet / IP Range
Add address and mask
Choose interface
Tal 22
3. SSL VPN configuration:
Go to: VPN > SSL > Config
In IP pools you can choose address object previously configured for VPN users or leave default (SSLVPN_TUNNEL_ADDR1)
Do not change all other parameters
Go to: VPN > SSL > Portal
Mark tunnel-access and choose edit
Tal 33
Choose edit in Tunnel mode window
Tal 333
Name: enter name
IP mode: choose User Group
IP Pools: add address object previously configured for VPN users or leave default (SSLVPN_TUNNEL_ADDR1)
Mark Split Tunneling to permit services with destination not behind the Firewall to pass via regular default gateway
Press OK
Tal 3333
4. Add static route for SSL VPN users network (default: SSLVPN_TUNNEL_ADDR1) or previously configured
Enter destination network (SSL VPN users network)
Device should be ssl.root
5. Rules configuration:
We have 3 networks:
port1(Wan-Telecity) – external network
ssl.root – VPN SSL network
Lova-Test – internal network
Create rule from External to ssl vpn tunnel interface
And click on ADD button:
User Group: choose previously configured users group for VPN
Service: ANY
Schedule: always
Tal 55
Create rule from ssl.root to internal network
Tal 555
Create rule from External to Internal with SSL VPN action
Tal 5555
And click on ADD button:
Same config
Tal 55555
6. Use Forti Client to establish SSL VPN connection
Choose VPN connections
Click on “+” to create new connection
Tal 66
Add connection name
Remote Gateway: External firewall address
Tal 666
Mark “test” VPN connection and press connect
Tal 6666
Enter Password than OK
Tal 66666
Tal 77
Tal 777
Tal 7777
And you connected
Made by:
XGlobe networking department
Additional Articles


© 2013 XGlobe Online Ltd.