Fortinet FORTIOS V3.0 MR7 User Manual

Configuring a FortiGate SSL VPN

SSL VPN virtual interface (ssl.root)

FortiOS v3.0 MR7 SSL VPN User Guide
01-30007-0348-20080718

Go to Firewall > Policy and select Create New to create a firewall policy.

For a standard configuration, set up the firewall policies listed below.

Authentication policy
Source: wan1
Source address: all
Destination: internal
Destination address: internal subnet
Action: sslvpn
Authentication: ssl user group(s)

Inbound access policy
Source: ssl.root
Source address: ip address of remote client
Destination: internal
Destination address: internal subnet
Action: accept
Authentication: No authentication set

Outbound policy
Source: internal
Source address: internal subnet
Destination: ssl.root
Destination address: ssl assigned range
Action: Accept
Authentication: No authentication set

Static route
Destination network:
Destination interface: ssl.root

To allow ssl users to browse the Internet through the FortiGate unit:

Internet browsing policy
Source: ssl.root
Source address: ssl-assigned range
Destination: wan1
Destination address: all
Action: accept
NAT enabled: Yes
Protection profile: Recommended

To allow SSL-tunnel users to access a policy-based VPN peer network:

Peer network policy
Source: ssl.root
Source address: ssl-assigned range