Configuring SSL VPN
SSL VPN
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424
• ssl.root > Internal, with the action set to Accept
• Internal > ssl.root, with the action set to Accept.
Access also requires a new static route with the destination network set to the
<ssl tunnel mode assigned range> and the interface set to ssl.root.
If you are configuring Internet access through an SSL VPN tunnel, you must add the
following configuration: ssl.root > External, with the action set to Accept, NAT enabled.
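The following added example, which is not from the guide, checks a configuration against the requirements above: the two Accept policies, a static route via ssl.root that covers the whole tunnel-mode range, and the NAT-enabled ssl.root > External policy when Internet access is wanted. The dictionary layout for policies and routes and the sample addresses are assumptions constructed for illustration, not FortiGate's own configuration format.

```python
import ipaddress

# Required policies from the text above: (source, destination, needs NAT).
REQUIRED = [("ssl.root", "Internal", False), ("Internal", "ssl.root", False)]
INTERNET = ("ssl.root", "External", True)


def route_destinations(start, end):
    """CIDR blocks that cover exactly the tunnel-mode range, nothing more."""
    first, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
    return list(ipaddress.summarize_address_range(first, last))


def audit(tunnel_start, tunnel_end, policies, routes, internet_access=False):
    """Return a list of findings; an empty list means the checklist passes."""
    findings = []
    wanted = REQUIRED + ([INTERNET] if internet_access else [])
    for src, dst, nat in wanted:
        match = [p for p in policies
                 if (p["src"], p["dst"]) == (src, dst) and p["action"] == "accept"]
        if not match:
            findings.append(f"missing policy {src} > {dst} (Accept)")
        elif nat and not any(p.get("nat") for p in match):
            findings.append(f"policy {src} > {dst} must have NAT enabled")
    # Every tunnel address must fall inside some static route bound to ssl.root.
    via_ssl = [ipaddress.ip_network(r["dst"]) for r in routes
               if r["device"] == "ssl.root"]
    for block in route_destinations(tunnel_start, tunnel_end):
        if not any(block.subnet_of(net) for net in via_ssl):
            findings.append(f"no static route via ssl.root covers {block}")
    return findings


# Constructed sample configuration (hypothetical layout, not from a real unit).
POLICIES = [
    {"src": "ssl.root", "dst": "Internal", "action": "accept"},
    {"src": "Internal", "dst": "ssl.root", "action": "accept"},
    {"src": "ssl.root", "dst": "External", "action": "accept", "nat": False},
]
ROUTES = [{"dst": "10.0.0.0/27", "device": "ssl.root"}]

if __name__ == "__main__":
    print(route_destinations("10.0.0.10", "10.0.0.50"))
    for finding in audit("10.0.0.10", "10.0.0.50", POLICIES, ROUTES, True):
        print("FINDING:", finding)
```

A tunnel range rarely aligns to a single network boundary, so a route sized by eye can leave the upper addresses of the range unreachable; the audit reports each uncovered block separately.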
Configuring SSL VPN
You can configure basic SSL VPN settings including timeout values and SSL encryption
preferences. If required, you can also enable the use of digital certificates for
authenticating remote clients.
To enable SSL VPN connections and configure SSL VPN settings, go to
VPN > SSL > Config and select Enable SSL-VPN. When you have completed
configuring the settings, select Apply.
Figure 361: SSL-VPN Settings
Note: If required, you can enable SSL version 2 encryption (for compatibility with older
browsers) through a FortiGate CLI command. For more information, see the ssl settings
command in the .
Enable SSL VPN
Select to enable SSL VPN connections.

Tunnel IP Range
Specify the range of IP addresses reserved for tunnel-mode SSL VPN clients. Type the starting and ending address that defines the range of reserved IP addresses.

Server Certificate
Select the signed server certificate to use for authentication purposes. If you leave the default setting (Self-Signed), the FortiGate unit offers its factory installed (self-signed) certificate from Fortinet to remote clients when they connect.

Require Client Certificate
If you want to enable the use of group certificates for authenticating remote clients, select the check box. Afterward, when the remote client initiates a connection, the FortiGate unit prompts the client for its client-side certificate as part of the authentication process.