Skip to main content

Fortigate guide for Begineer - 8

By


I'd like to show how to create and setup SSL VPN in Fortigate now.
Below picture is the Configuration Setting that I'd like to use for SSL VPN.



Before you begin, you need to make sure SSL VPN is
enabled using the CLI command:


config vpn ssl settings
set sslvpn-enable enable
end


Create a firewall address for the email server.
1) To add the email server address, go to Firewall Objects > Address > Address, select
Create New and enter the email server address:


Address Name
Email Server
Type
Subnet / IP Range
Subnet / IP Range
192.168.1.12
Interface
Internal



2) Select OK.
Create the SSL VPN portal and a bookmark for the email server that the user connects to after logging in.
1) Go to VPN > SSL > Config and for IP Pools select Edit and add Test VPN to the Selected table.
2) Go to VPN > SSL > Portal and select Create New to create the portal:


Name
Internal_company_sites_portal
Applications
HTTP/HTTPS
Portal Message
Internal Company Sites



3) Select OK to close the Edit Settings window.
4) On the default web portal delete the Bookmarks widget by selecting its Remove icon.
5) On the Add Widget on the right of the default portal select Bookmarks.
6) In the new Bookmarks widget select the Edit icon (looks like a pencil).
7) Optionally edit the Name and make sure Applications is set to HTTP/HTTPS.
8) Select OK in the Bookmarks widget.
9) In the Bookmarks widget select Add and create a bookmark to link the email server web page:


Name
Email
Type
HTTP/HTTPS
Location
https://mail.company.com
Description
Corporate email system



10) Select OK at the bottom of the Bookmarks widget.
11) Select Apply at the top of web portal page to save the web portal configuration.

Create the SSL VPN user and add the user to a user group configured for SSL VPN use.
1) Go to User > User > User and select Create New to add the user:


User Name
Test VPN
Password
password


2) Go to User > User Group > User Group and select Create New to add Test VPN to the SSL VPN user group:.

Name
Sales
Type
Firewall
Allow SSL-VPN Access
Internal Company Sites



3 Move Test VPN to the Members list.
4 Select OK.

Create an SSL VPN security policy with SSL VPN user authentication.
1) Go to Policy > Policy > Policy and select Create New to add the SSL VPN security policy:



Source Interface/Zone
WAN1
Source Address
All
Destination Interface/Zone
Internal
Destination Address
Email
Action
SSL-VPN



2) Select Configure SSL-VPN Users and select Add to add an authentication rule for remote SSL VPN users:


Selected User Groups
Sales
Selected Services
HTTP
HTTPS
Destination Interface/Zone
Internal


3) Select OK.


SSL VPN Connection, User Account creation, configuration and setup done.
But take note the above steps are may be vary depends on Fortigate Unit Mode.


May you be all happy.
(Be knowledgeable, pass it on then)
Labels:

Comments

  1. riyaFebruary 1, 2019 at 11:47 PM

    Nice information, valuable and excellent design, as share good stuff with good ideas and concepts, lots of great information and inspiration, both of which I need, thanks to offer such a helpful information here.
    Data Science Training in Indira nagar
    Data Science training in marathahalli
    Data Science Interview questions and answers
    Data Science training in btm layout
    Data Science Training in BTM Layout
    Data science training in bangalore

    ReplyDelete

Post a Comment

Popular posts from this blog

Fortigate guide for Begineer - 6

By
I would like to explaine how to troubleshoot the Fortigate Unit configured by Transparent Mode in step by step this time. Let's assume, you have one Fortigate Unit that configured as Transparent Mode. But devices from Internal/Private Network unable to access Internet/Public Network through your Fortigate Unit. OK. Let's troubleshoot with following steps, 1) Check the physical network connections between the network and the FortiGate unit, and between the FortiGate unit and the Internet. 2) Check the router and ISP-supplied equipment to make sure it is operating correctly. 3) Verify that you can connect to the internal interface by connecting to the management IP address of the FortiGate unit from the Internal network. From the internal network, attempt to ping the management IP address. If you cannot connect to the internal interface, verify the IP configuration of the PC and make sure the cables are connected and all switches and other devices on the network are powered on a...
Post a Comment
Read more

Why do we need network virtualization?

By
We need to think about Server Virtualization first if we want to talk about Network Virtualization. In the era of cloud computing, servers are virtualized and used in Data Centers. We are facing a lot of problem when we virtualized our Servers, 1) Routing and Switching Problem Routing become the issue when we create Virtual Switch and VLANs according to production requirement. Network Team might need some time to change on their end to meet with Server Virtualization Team changes on their end. ၂) Firewall Services Physical Firewall are difficult to manage due to the large number of rules needed to satisfy business requirements. New applications, new projects, and new networks all come with potential security requirements, which impact centralized firewall management. ၃) Load Balancing Let's say your company deploys a new physical load balancer for each tenant, resulting in increased capital expenditures. Once a tenant reaches their maximum capacity, it ca...
144 comments
Read more

Solving "WSUS administration console was unable to connect to the WSUS Server via the remote API" error

By
Today, I've got below when I try to connect my WSUS Server via WSUS Console. Below logs are display in Event Logs too. The WSUS administration console was unable to connect to the WSUS Server via the remote API.  Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service. The WSUS administration console was unable to connect to the WSUS Server via the remote API. Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service. System.Net.Sockets.SocketException -- No connection could be made because the target machine actively refused it 172.16.99.98:80 Source System Stack Trace:    at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)    at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Soc...
7 comments
Read more