Fortinet FORTIOS V3.0 MR7 User Manual
Page 35
Configuring a FortiGate SSL VPN
Configuring SSL VPN settings
FortiOS v3.0 MR7 SSL VPN User Guide
01-30007-0348-20080718
35
Figure 5: Edit SSL VPN settings
Enable SSL VPN
Select to enable SSL VPN connections.
Tunnel IP Range
Specify the range of IP addresses reserved for tunnel-
mode SSL VPN clients. Type the starting and ending
address that defines the range of reserved IP
addresses. See
Specifying an IP address range for
Server Certificate
Select the signed server certificate to use for
authentication purposes. If you leave the default setting
(Self-Signed), the FortiGate unit offers its factory
installed (self-signed) certificate from Fortinet to remote
clients when they connect. See
authentication through security certificates
.
Require Client Certificate
If you want to enable the use of group certificates for
authenticating remote clients, select the option.
Afterward, when the remote client initiates a connection,
the FortiGate unit prompts the client for its client-side
certificate as part of the authentication process.
Select the algorithm for creating a secure SSL
connection between the remote client web browser and
the FortiGate unit.
Default - RC4(128
bits) and higher
If the web browser on the remote client is capable of
matching a 128-bit or greater cipher suite, select this
option.
High - AES(128/256
bits) and 3DES
If the web browser on the remote client is capable of
matching a high level of SSL encryption, select this
option to enable cipher suites that use more than 128
bits to encrypt data.
Low - RC4(64 bits),
DES and higher
If you are not sure which level of SSL encryption the
remote client web browser supports, select this option to
enable a 64-bit or greater cipher suite.