Procedure 4: Create Tunnel Mode Security Policy – HID ActivID AAA OOB & SSL User Manual

4TRESS AAA Out-of-Band Authentication (SMS) and SSL VPN Fortinet | Integration Handbook
External Release | © 2012-2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved.
• Select User Groups in the left list (dialog not illustrated) and use the right arrow button to move them to the right list.
• Select Service in the left list (dialog not illustrated) and use the right arrow button to move them to the right list.
• Select the ANY service to allow the user group access to all services.
12. Click OK.
3.4 Procedure 4: Create Tunnel Mode Security Policy
If your SSL VPN will provide tunnel mode operation, then create a security policy to enable traffic to pass between
the SSL VPN virtual interface and the protected networks. This is in addition to the SSL VPN security policy that
you created in the preceding section.
To configure the tunnel mode security policy in the web-based manager, perform the following steps.
1. While logged in to the FortiGate web console, navigate to Policy > Policy > Policy.
2. Click Create New (located in the pane to the right).
3. From the Source Interface/Zone drop-down list, select the virtual SSL VPN interface (for example, ssl.root).
4. From the Source Address drop-down list, select the firewall address you created that represents the IP address range assigned to SSL VPN clients (for example, SSL_VPN_tunnel_users).