FortiGate SSL VPN configuration

The SSL VPN configuration is comprised of these parts:

• SSL VPN portal
• SSL VPN realm
• SSL VPN settings
• Firewall policy

To configure the SSL VPN portal:

You can use the default full-access or tunnel-access profile. Ensure that under Tunnel mode, split tunneling is configure and enable base on policy destination . You is configure can configure additional setting as need .

To configure the SSL VPN realm:

1. Go toSystem > Feature Visibility.
2. Enable SSL – VPN realm.
3. Click apply.
4. Under VPN > SSL – VPN realm, clickcreate New.
5. Enter the URL path pki-ldap-machine.
6. Click OK to save .

To configure the SSL VPN settings:

1. Go toSystem > SSL-VPN Settings.
2. input the follow value :
   

   Enable SSL-VPN	Enable
   Listen on Interface(s)	port3
   listen on Port	10443
   Server Certificate	ztna-wildcard. The Windows certificate authority issues this wildcard server certificate.
   DNS Server	Specify
   DNS Server #1	10.88.0.1

3. Under Authentication/Portal Mapping, clickcreate New to create a new mapping.
4. setUsers / group to PKI – Machine – Group .
5. setRealm to Specify.
6. Select the /pki-ldap-machine realm.
7. setthe portal to full-access.
8. Click OK to save .
9. edit theAll Other Users / group entry:
   1. setportal to no-access.
   2. Click OK to save .

To configure the firewall policy:

1. From Policy & Objects > Firewall Policy, clickcreate New to create a new policy.
2. input the follow value :

   Name	VPN-Machine
   Incoming Interface	SSL-VPN tunnel interface (ssl.root)
   Outgoing Interface	port2
   Source	all, PKI-Machine-Group
   destination	create an address object for the web server 10.88.0.3/32 and any other server that must be access .
   Schedule	always
   Service	ALL
   action	accept
   Log is Allow allow traffic	Enabled, All Sessions

3. Configure any other security profiles settings as needed.
4. Click OK to save .