
100-Remote Access SSL-VPN

Uploaded by

eshensanjula2002

SSL VPN Web Mode Lab:

Remote Access VPN


Outside Layer 3 Interface: Port1 – 192.168.1.1/24
DMZ Layer 3 Interface: Port4 – 10.0.4.0/24 & 10.0.5.0/24
Outside Network: 172.29.129.0/24
Management IP Address: Port1 – 192.168.100.200/24
DMZ SRV1 IP Address: 10.0.4.1/24
DMZ SRV2 IP Address: 10.0.5.2/24
Users and Groups: HR Group, IT Group and SAL Group
WAN-Client IP Address: 172.29.129.24/24

Created by Ahmad Ali, E-Mail: [email protected], WhatsApp: 00966564303717


Configuring SSL VPN Tunnel:
Go to VPN > SSL-VPN Settings and set Listen on Interface(s) to WAN. To avoid port conflicts, set
Listen on Port to 4433. Set Restrict Access to Allow access from any host. In my case the
Fortinet_Factory certificate is used as the Server Certificate.

Under Tunnel Mode Client Settings, set IP Ranges to use the default IP range
SSLVPN_TUNNEL-ADDR1.



Under Authentication/Portal Mapping, add the SSL VPN user group and map it to the
Web-access portal. If necessary, map a portal for All Other Users/Groups.

At the top of SSL-VPN Settings, click the notice "No SSL-VPN policies exist. Click here to
create a new SSL-VPN policy using these settings."



Security Policy:
Go to Policy & Objects > Firewall Policy. Add a security policy allowing access to the DMZ
network through the VPN tunnel interface. Set Incoming Interface to the SSL-VPN tunnel
interface (ssl.root) and Outgoing Interface to the DMZ-Zone interface. Select Source and set
Address to all and Source User to the SSL-VPN user group. Set Destination Address to all,
Service to ALL, and enable NAT. Configure any remaining firewall and security options as desired.

Add a second security policy allowing SSL VPN access to the Internet. For this policy, Incoming
Interface is set to ssl.root, Outgoing Interface is set to WAN, and Destination is set to all.
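
The SSL-VPN settings and the security policies above choose the widest options (access from any host, the Fortinet_Factory certificate, destination all, service ALL). The following is an added example, not part of the original lab or any Fortinet tool: a small Python check that reads a FortiOS-style configuration excerpt and lists those settings so they can be reviewed before the setup leaves the lab. The excerpt is constructed, and the address object DMZ_SRV1 is an assumed name.

```python
import re
# Constructed FortiOS-style excerpt: policy 1 mirrors the lab, policy 2 (assumed object DMZ_SRV1) is narrowed.
SAMPLE_CONFIG = '''
config vpn ssl settings
    set servercert "Fortinet_Factory"
    set source-address "all"
end
config firewall policy
    edit 1
        set srcintf "ssl.root"
        set dstaddr "all"
        set service "ALL"
    next
    edit 2
        set srcintf "ssl.root"
        set dstaddr "DMZ_SRV1"
        set service "HTTPS"
    next
end
'''

def parse(text):
    """Flat parse into {section: {entry: {key: value}}}; nested config blocks are out of scope."""
    tree, section, entry = {}, None, ""
    for line in text.splitlines():
        words = [w.strip('"') for w in re.findall(r'"[^"]*"|\S+', line)] or [""]
        if words[0] == "config":
            section, entry = " ".join(words[1:]), ""
        elif words[0] == "edit":
            entry = words[1]
        elif words[0] == "set" and len(words) > 2:
            tree.setdefault(section, {}).setdefault(entry, {})[words[1]] = " ".join(words[2:])
    return tree

def audit(text):
    """Return findings for the permissive settings the lab selects."""
    tree, out = parse(text), []
    ssl = tree.get("vpn ssl settings", {}).get("", {})
    if ssl.get("servercert") == "Fortinet_Factory":
        out.append("ssl settings: built-in Fortinet_Factory certificate")
    if ssl.get("source-address") == "all":
        out.append("ssl settings: access allowed from any host")
    for pid, p in tree.get("firewall policy", {}).items():
        if (p.get("srcintf"), p.get("dstaddr"), p.get("service")) == ("ssl.root", "all", "ALL"):
            out.append(f"policy {pid}: ssl.root to all addresses, service ALL")
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Policy 2 in the sample passes the check because its destination and service are limited to one DMZ server and HTTPS.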



External Host:
Add a new Windows 10 node to the topology and connect it to the external Internet cloud. Set
its IP address in the 172.29.129.0 range and set the default gateway to 172.29.129.182.



Testing:
Using a supported Internet browser, connect to the SSL VPN web portal using the remote
gateway configured in the SSL VPN settings; in my case, 192.168.1.1:4433.

After a successful login, the web portal appears.



Verification:
To connect to the Local Website, select Quick Connection. Select HTTP/HTTPS, then enter the
URL or IP Address and select Launch.

The local website will launch.

On the FortiGate, go to Dashboard > Network > SSL-VPN. The user is connected to the VPN.



On the FortiGate, go to Log & Report > Events > VPN Events to verify the logs related to the VPN.

Navigate to Dashboard > Network > SSL-VPN to verify the active users connected through the VPN.
