
The first task is a quick start to SSL-VPN on FortiGate: configure 'tunnel split' to let through traffic for a specific subnet or for multiple ones. For example: let a remote user access only the first branch (in our case, the subnet 172.16.0.0/24), where they may have some internal documentation.

1.1: Go to Policy and Objects > Address and create 2 new address objects:

1.2: For the beginning, we will use only local authentication, which means that credentials are stored locally on the firewall device. Go to User & Authentication > User definition and create the local user test1 with password fortigate.

1.3: Create a group for the user test1. Go to User & Authentication > User Groups, create new:

1.4: Create the ssl-vpn portal by going to VPN > SSL-VPN Portals, create new:
Routing Address: internal_subnet1 (only the traffic to this network will be accepted)
Source IP Pools: source_ip_pools (IP pool that will be used for allocating IP addresses to clients)

1.5: Configure ssl-vpn settings by going to VPN > SSL-VPN Settings:
Listen on Interface(s): port1 (mgmt interface that has access to the Cloud area and also to remote clients)
Listen on Port: 10443 (use a custom one)
keep the self-signed certificate as the portal certificate
keep the logout time at 300 seconds (after 5 minutes of inactivity, disconnect the user automatically)
Tunnel Mode Client Settings > Specify custom IP Ranges > select address source_ip_pools (this way, source IPs from the range 192.168.100.0/24 will be allowed to access internal networks. If we keep the default IP pools here, clients will receive an IP from the pool configured on the portal above)
Authentication/Portal Mapping > All Other Users/Groups > select tunnel access. Add another entry for the user group configured above, testgroup, and the portal ssl_vpn_tunnel_split.

1.6: At last, configure the firewall policy:
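For reference, the GUI steps 1.1 to 1.5 expressed as FortiOS CLI. This is an added example, not configuration taken from the original page. It assumes the two address objects are internal_subnet1 = 172.16.0.0/24 and source_ip_pools = 192.168.100.0/24 (the page gives the names and the ranges but not their pairing) and that "tunnel access" is the built-in tunnel-access portal. Keyword names can differ between FortiOS versions.

```text
# 1.1 address objects (name-to-subnet pairing is an assumption)
config firewall address
    edit "internal_subnet1"
        set subnet 172.16.0.0 255.255.255.0
    next
    edit "source_ip_pools"
        set subnet 192.168.100.0 255.255.255.0
    next
end
# 1.2 local user (lab credentials as given on the page)
config user local
    edit "test1"
        set type password
        set passwd fortigate
    next
end
# 1.3 group containing test1
config user group
    edit "testgroup"
        set member "test1"
    next
end
# 1.4 portal: split tunnel, only internal_subnet1 is routed through the VPN
config vpn ssl web portal
    edit "ssl_vpn_tunnel_split"
        set tunnel-mode enable
        set split-tunneling enable
        set split-tunneling-routing-address "internal_subnet1"
        set ip-pools "source_ip_pools"
    next
end
# 1.5 global SSL-VPN settings; the server certificate is left at its default
config vpn ssl settings
    set source-interface "port1"
    set port 10443
    set idle-timeout 300
    set tunnel-ip-pools "source_ip_pools"
    set default-portal "tunnel-access"
    config authentication-rule
        edit 1
            set groups "testgroup"
            set portal "ssl_vpn_tunnel_split"
        next
    end
end
```

Running `show vpn ssl settings` and `show vpn ssl web portal ssl_vpn_tunnel_split` afterwards lets you compare the stored configuration against the values chosen in the GUI.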
