Configuring a fortigate ssl vpn, Comparison of ssl and ipsec vpn technology, Configuring a fortigate – Fortinet FORTIOS V3.0 MR7 User Manual
Page 13
Configuring a FortiGate SSL VPN
Comparison of SSL and IPSec VPN technology
FortiOS v3.0 MR7 SSL VPN User Guide
01-30007-0348-20080718
13
Configuring a FortiGate SSL VPN
This section provides a comparison of SSL and IPSec VPN technology, in addition
to an overview of the two modes of SSL VPN operation. The high-level steps for
configuring each mode are also included with cross-references to underlying
procedures.
The following topics are included in this section:
•
Comparison of SSL and IPSec VPN technology
•
•
•
•
•
Configuring user accounts and SSL VPN user groups
•
•
Configuring SSL VPN event-logging
•
Monitoring active SSL VPN sessions
•
Configuring SSL VPN bookmarks and bookmark groups
•
•
Granting unique access permissions for SSL VPN tunnel user groups
•
SSL VPN virtual interface (ssl.root)
•
Comparison of SSL and IPSec VPN technology
The FortiGate unit supports both SSL and IPSec VPN technologies. Each
combines encryption and VPN gateway functions to create private communication
channels over the Internet, which helps to defray physical network costs. Both
enable you to define and deploy network access and firewall policies using a
single management tool. In addition, both support a simple client/user
authentication process (including optional X.509 security certificates). You have
the freedom to use both technologies; however, one may be better suited to the
requirements of your situation.
In general, IPSec VPNs are a good choice for site-to-site connections where
appliance-based firewalls are used to provide network protection, and company
sanctioned client computers are issued to users. SSL VPNs are a good choice for
roaming users who depend on a wide variety of thin-client computers to access
enterprise applications and/or company resources from a remote location.
SSL and IPSec VPN tunnels may operate simultaneously on the same FortiGate
unit.