Fortinet FORTIOS V3.0 MR7, Руководство пользователя

Страница: 35 / 90

Configuring a FortiGate SSL VPN Configuring SSL VPN settings
FortiOS v3.0 MR7 SSL VPN User Guide
01-30007-0348-20080718
35
Figure 5: Edit SSL VPN settings
Enable SSL VPN Select to enable SSL VPN connections.
Tunnel IP Range Specify the range of IP addresses reserved for tunnel-
mode SSL VPN clients. Type the starting and ending
address that defines the range of reserved IP
addresses. See
Specifying an IP address range for
tunnel-mode clients .
Server Certificate Select the signed server certificate to use for
authentication purposes. If you leave the default setting
(Self-Signed), the FortiGate unit offers its factory
installed (self-signed) certificate from Fortinet to remote
clients when they connect. See
Enabling strong
authentication through security certificates .
Require Client Certificate If you want to enable the use of group certificates for
authenticating remote clients, select the option.
Afterward, when the remote client initiates a connection,
the FortiGate unit prompts the client for its client-side
certificate as part of the authentication process.
Encryption Key Algorithm
See Specifying the cipher suite
for SSL negotiations .
Select the algorithm for creating a secure SSL
connection between the remote client web browser and
the FortiGate unit.
Default - RC4(128
bits) and higher If the web browser on the remote client is capable of
matching a 128-bit or greater cipher suite, select this
option.
High - AES(128/256
bits) and 3DES If the web browser on the remote client is capable of
matching a high level of SSL encryption, select this
option to enable cipher suites that use more than 128
bits to encrypt data.
Low - RC4(64 bits),
DES and higher If you are not sure which level of SSL encryption the
remote client web browser supports, select this option to
enable a 64-bit or greater cipher suite.