In this article, we will see how to configure SSL VPN on a FortiGate 60F firewall. FortiGate firewalls are built around custom-made security processors that enable the industry's leading threat protection. Many of the devices are designed to identify issues rapidly and intuitively.
We are going to set up an SSL VPN from Windows to the FortiGate firewall. You can install FortiClient on Windows, and then you can configure the firewall for FortiClient. There are two kinds of SSL VPN: web-based mode and tunnel mode. Web-based mode does not need any agents, and you must be able to reach the server from Windows. Tunnel mode works through FortiClient. The goal of this article is to provide connectivity from home to the office using FortiGate 60F firewall SSL VPN.
Configure SSL VPN on FortiGate Firewall
Work Environment
FortiGate 60F
Version 7.4.2
Establish SSL VPN Connection from External Client to FortiGate
Configure an SSL VPN from a client outside the network to FortiGate inside the network so that outside clients can access the inside network.
You need to install the VPN client application named FortiClient on the external client. You can download the FortiClient from the FortiClient download page.
Here, as an example, interfaces are shown in the image below.
How to Create Address Object for SSL-VPN Client
Create a new address object to serve as the address pool that issues IP addresses to SSL-VPN clients. Expand Policy & Objects and click on Addresses. Select Create New and then Address.
Enter an address name
Type: IP Range
IP Range: 192.168.2.241-192.168.2.248 (to provide IP addresses to SSL-VPN clients).
Click OK
Create one more new address for your office’s internal VLAN.
Name: VPN-Local-Desk
Type: Subnet
IP/Netmask: 192.168.2.0/24
Click OK
Now you can see that two addresses were successfully created.
Create New User for FortiGate SSL-VPN
Expand Users & Authentication settings, click on User Definition, and then click on + Create New.
Choose Local User, and then click Next.
Enter your username and password, and then click Next.
Choose Next
Click Submit
An SSL VPN user was successfully created.
Create New User Group for FortiGate SSL-VPN
Select User Groups, and then click on + Create New.
Type a new user group name (SSL-VPN).
Click on the + button next to members, and then select the user we created earlier.
Select OK
After creating a user group,.
How to Create an SSL-VPN Portal in FortiGate Firewall
Expand VPN settings, and then click on SSL-VPN Portals.
Click on the + Create New tab to create a new SSL-VPN portal.
Create an SSL-VPN Portal in Tunnel mode.
For split tunneling, choose Enabled Based on Policy Destination.
To select source IP pools, click on the + button and then select “SSL-VPN Users,” the address object we created earlier. Click OK
SSL VPN Portal was successfully created.
Configure SSL VPN on FortiGate 60F Firewall
Click on SSL-VPN Settings under VPN.
Listen on Interface(s): Click on the + icon and then select your interface (wan1 or wan2). Please keep in mind that these interfaces should have public IP addresses.
I am testing the SSL VPN connection in my home lab; that’s why I am using a private IP address.
Listen on Port: 10443
Server Certificate: Fortinet_Factory
IP Range: Click on the + icon to add the VPN client address range (SSLVPN-Users).
Authentication/Portal Mapping
Click on All Other Users/Groups, and then click on Edit.
For Portal, choose full-access, and then click OK.
Select + Create New.
Users/Groups: Choose a group (SSL-VPN).
Portal: Choose full-access and then click OK.
Click Apply
Create SSL-VPN Policy in FortiGate Firewall
Expand the Policy & Objects option, and then click on Firewall Policy.
Name: Enter an SSL VPN policy name
Outgoing Interface: Internal
Source: Click on the + icon to select the SSL VPN address range and user group (SSLVPN-Users and SSL-VPN).
Destination: Click on the + icon to choose the VPN address (VPN-Local-Desk) we created.
Configure security profiles as per your requirements, and then click OK.
With this procedure, the configuration of SSL-VPN on the FortiGate 60F firewall comes to an end.
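An added example, not part of the original article or of Fortinet's tooling: a small Python check that reads a FortiOS CLI-style snippet holding the values used above and flags three settings worth reviewing before production use: a client pool that sits inside the internal subnet, the built-in Fortinet_Factory certificate, and full-access as the portal for All Other Users/Groups. The CLI rendering of the GUI values is constructed for the example and trimmed to the fields the check reads; the finding names are hypothetical labels.

```python
import ipaddress
import shlex

# Constructed sample: the values this page enters in the GUI, in FortiOS CLI form.
SAMPLE = '''
config firewall address
    edit "SSLVPN-Users"
        set start-ip 192.168.2.241
        set end-ip 192.168.2.248
    next
    edit "VPN-Local-Desk"
        set subnet 192.168.2.0 255.255.255.0
    next
end
config vpn ssl settings
    set servercert "Fortinet_Factory"
    set tunnel-ip-pools "SSLVPN-Users"
    set default-portal "full-access"
end
'''

def parse(text):
    """Turn config/edit/set/next/end blocks into nested dicts."""
    stack = [{}]
    for line in text.splitlines():
        tok = shlex.split(line) or [""]
        if tok[0] in ("config", "edit"):
            stack.append(stack[-1].setdefault(" ".join(tok[1:]), {}))
        elif tok[0] == "set":
            stack[-1][tok[1]] = tok[2:]
        elif tok[0] in ("next", "end") and len(stack) > 1:
            stack.pop()
    return stack[0]

def audit(text):
    """Return review findings (hypothetical labels) for the SSL-VPN settings."""
    cfg = parse(text)
    addrs, ssl = cfg.get("firewall address", {}), cfg.get("vpn ssl settings", {})
    lans = [ipaddress.ip_network("/".join(a["subnet"])) for a in addrs.values() if "subnet" in a]
    found = []
    for name in ssl.get("tunnel-ip-pools", []):
        ends = [ipaddress.ip_address(v[0]) for k, v in addrs.get(name, {}).items() if k in ("start-ip", "end-ip")]
        if any(ip in lan for ip in ends for lan in lans):
            found.append("pool-inside-lan")  # client pool overlaps an internal subnet
    if ssl.get("servercert", [""])[0].startswith("Fortinet_"):
        found.append("factory-cert")  # built-in certificate that clients cannot validate
    if ssl.get("default-portal") == ["full-access"]:
        found.append("default-portal-full-access")  # unmatched users get the full portal
    return found
```

Calling `audit(SAMPLE)` returns all three findings for the values in this walkthrough; the list is empty once the pool is moved to its own subnet, a CA-issued certificate is selected, and unmatched users are mapped to a restricted portal.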
In the next article, we will configure FortiClient VPN on Windows and FortiClient VPN on Android.