SSL VPN virtual interface (ssl.root) – Fortinet FortiOS v3.0 MR7 User Manual
FortiOS v3.0 MR7 SSL VPN User Guide
01-30007-0348-20080718
Configuring a FortiGate SSL VPN
Figure 21: Firewall policy list
To avoid overlap with other firewall policies, add a DENY policy below the SSL
VPN policies (the source is the SSL VPN tunnel IP range). See
for more information.
SSL VPN virtual interface (ssl.root)
Configuration of the SSL VPN tunnel service involves a virtual interface,
ssl.
vdom implementations, this appears as ssl.root. The ssl.root interface appears in
the firewall policy interface lists and static route interface lists. The ssl.root
interface allows remote user access to additional networks. For example, the
interface facilitates the remote user's ability to browse the Internet using the
FortiGate unit.
SSL VPN tunnel-mode access requires the following firewall policies:
• External > Internal, with the action set to SSL, with an SSL user group
• ssl.root > Internal, with the action set to Accept
• Internal > ssl.root, with the action set to Accept
This also requires a new static route, which should appear as follows:
• Destination network -
If you are configuring Internet access through an SSL VPN tunnel, the following
configuration must be added:
• ssl.root > External, with the action set to Accept, with NAT enabled
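The policy requirements above can be checked against an ordered policy list. The following is an added example, not part of the Fortinet guide: the Policy record, its field names, the audit function and the sample data are all hypothetical, and the check assumes that "SSL VPN policies" means every non-DENY policy that uses the SSL action or the ssl.root interface.

```python
from typing import NamedTuple

class Policy(NamedTuple):
    src: str                # source interface
    dst: str                # destination interface
    action: str             # "SSL", "ACCEPT" or "DENY"
    nat: bool = False
    src_addr: str = "all"   # source address range (hypothetical field name)

# Tunnel-mode policies listed in this section: (src, dst, action, NAT required)
REQUIRED = [("External", "Internal", "SSL", False),
            ("ssl.root", "Internal", "ACCEPT", False),
            ("Internal", "ssl.root", "ACCEPT", False)]
INTERNET = ("ssl.root", "External", "ACCEPT", True)

def audit(policies, tunnel_range, internet_access=False):
    """Return findings for an ordered policy list; an empty list means no gaps."""
    findings = []
    for src, dst, action, nat in REQUIRED + ([INTERNET] if internet_access else []):
        hits = [p for p in policies if (p.src, p.dst, p.action) == (src, dst, action)]
        if not hits:
            findings.append(f"missing: {src} > {dst} ({action})")
        elif nat and not any(p.nat for p in hits):
            findings.append(f"NAT not enabled: {src} > {dst}")
    # Assumption: "SSL VPN policies" = non-DENY policies that use SSL or ssl.root.
    vpn = [i for i, p in enumerate(policies)
           if p.action != "DENY" and (p.action == "SSL" or "ssl.root" in (p.src, p.dst))]
    # The DENY policy is identified by its source, the SSL VPN tunnel IP range.
    deny = [i for i, p in enumerate(policies)
            if p.action == "DENY" and p.src_addr == tunnel_range]
    if not deny:
        findings.append("missing: DENY policy for tunnel range")
    elif vpn and min(deny) < max(vpn):
        findings.append("order: DENY policy is above an SSL VPN policy")
    return findings

# Constructed sample data, not taken from a real FortiGate unit.
TUNNEL = "10.0.0.1-10.0.0.10"
GOOD = [Policy("External", "Internal", "SSL"),
        Policy("ssl.root", "Internal", "ACCEPT"),
        Policy("Internal", "ssl.root", "ACCEPT"),
        Policy("ssl.root", "External", "ACCEPT", nat=True),
        Policy("ssl.root", "Internal", "DENY", src_addr=TUNNEL)]
# Misordered DENY, missing return policy, NAT left off on the Internet policy.
BAD = [GOOD[0], GOOD[4], GOOD[1], Policy("ssl.root", "External", "ACCEPT")]

if __name__ == "__main__":
    print(audit(GOOD, TUNNEL, internet_access=True))
    print(audit(BAD, TUNNEL, internet_access=True))
```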