Configuring SSL VPN event-logging – Fortinet FortiOS v3.0 MR7 User Manual

FortiOS v3.0 MR7 SSL VPN User Guide

01-30007-0348-20080718

Configuring a FortiGate SSL VPN

3. Select OK.

4. If the user group requires access to another server or network, create the IP
destination address (see “To specify the destination IP address” on page 46) and
repeat this procedure to create the required firewall policy.

5. Create additional IP destination addresses and firewall policies if required for each
additional user group.

Configuring SSL VPN event-logging

You can configure the FortiGate unit to log SSL VPN events. For information
about how to interpret log messages, see the FortiGate Log Message Reference.

To log SSL VPN events

1. Go to Log&Report > Log Config > Log Setting.

2. Enable the storage of log messages to one or more of the following locations:
• a FortiAnalyzer unit
• the FortiGate system memory
• a remote computer running a syslog server

3. If the options are concealed, select the blue arrow beside each option to reveal
and configure associated settings.

Cipher Strength

Select one of the following options to determine the level of SSL
encryption to use. The web browser on the remote client must be
capable of matching the level that you select:
• To use any cipher suite, select Any.
• To use a 164-bit or greater cipher suite, select High >= 164.
• To use a 128-bit or greater cipher suite, select Medium >= 128.

User Authentication Method

Select one of the following options to bind user groups to
authentication methods:
• If the user group contains only local users, select Local.
• If the remote clients will be authenticated by an external
RADIUS server, select Radius.
• If the remote clients will be authenticated by an external LDAP
server, select LDAP.
• If the user group contains Local, RADIUS, and LDAP users,
select Any to enable all of the authentication methods. Local is
attempted first, then RADIUS, then LDAP.

Available Groups

Select the name of the user group requiring SSL VPN access, and
then select the right-pointing arrow. Do not select more than one
user group unless all members of the selected user groups have
identical access requirements.

Note: If you apply a protection profile in an SSL VPN firewall policy, it will only apply to
tunnel-mode operations.

Note: If available on your FortiGate unit, you can enable the storage of log messages to a
system hard disk. In addition, as an alternative to the options listed above, you may choose
to forward log messages to a remote computer running a WebTrends firewall reporting
server. For more information about enabling either of these options through CLI commands,
see the “log” chapter of the FortiGate CLI Reference.