In this video, you will learn how to configure SSL VPN for a remote worker to connect to a FortiGate-protected network and enforce your security policies.
You'll create a remote worker named Jack. When Jack works at home or on his travels, he can go to the web portal using any device with Internet access and FortiClient. The SSL VPN tunnel provides an encrypted communication path for Jack to connect to internal network connections and protected Internet access.
First, you are going to set up the VPN portal for both tunnel mode and Web mode.
Go to VPN > SSL > Portals.
Edit the full-access portal.
Enable tunnel mode.
Do not enable split tunneling. This will keep all your Internet traffic going through the FortiGate unit and be subject to security profiles.
Also enable Status Information, Connection Tool, and FortiClient Download
for mobile users to download the FortiClient app.
Enable user bookmarks and select Create New in the predefined bookmark area. Bookmarks are used as links to internal network resources. To connect to your Windows server, add a bookmark for a remote desktop connection. Set the category to Remote Desktop. For the name, enter Windows Server.
Set the type to RDP.
Enter your host's network address.
For the username, enter Jack. Enter a safe password. The same username and password you just entered will be used in the next step to create the user Jack.
Next, go to User & Device > User > User Definition to create a remote user.
For the username, enter Jack. Enter the same safe password.
Add the email address, phone number, and service type.
Then go to User & Device > User > User Groups to create a group for your remote user.
Create a user group for SSL VPN connections.
Set the type to firewall.
Add Jack as a member.
Before you begin, ensure that your SSL VPN tunnel address range is different from that of your internal network.
Go to Policy & Objects > Objects > Addresses to add an address for the local network. Create a local LAN address
with the local subnet
and ensure visibility is selected.
Go to VPN > SSL > Settings to define how users can connect and interact with SSL VPN portals on your FortiGate. Set Listen on Interface(s) to your external interface.
Listen on port 443 and allow access from any hosts.
Select Specify custom IP ranges and set the IP range to the SSL VPN tunnel.
Under Authentication/Portal Mapping, add the SSL VPN user group.
Go to Policy & Objects > Policy > IPv4
and create two security policies to allow internal network access and Internet access.
Create the first policy
Set the incoming interface to ssl.root,
the source address to SSLVPN_TUNNEL_ADDR1,
the source user to the SSL VPN group,
and set the outgoing interface to your internal interface so that the VPN traffic can flow between the remote user and the FortiGate.
Set the destination address to your local LAN address.
Enable NAT and configure any remaining firewall and security options as desired.
Next, create a second security policy allowing SSL VPN access to the Internet.
Set the incoming interface to the VPN tunnel interface, ssl.root,
the source address to SSLVPN_TUNNEL_ADDR1,
the source user to the SSL VPN group,
and the outgoing interface to your external interface, which is usually wan1.
Set the destination address to all and configure the rest as normal.
Finally, set your FortiGate unit to verify that users have current antivirus software.
Go to System > Status > Dashboard and open the CLI Console.
Enter config vpn ssl web portal
end. These commands enable the host to check for compliant antivirus software on the remote user's computer.
Go to VPN > SSL > Settings and find your web mode URL to access the VPN portal.
Log in to the portal using Jack's user credentials.
The FortiGate unit performs the host check. After the check is complete, the portal should appear.
You may need to install the FortiClient application using the available download link.
Sign in to the FortiClient application with Jack's user credentials. For remote access,
connect to the SSL VPN tunnel.
Select the bookmark Remote Desktop link to begin an RDP session with the Windows Server.
Ensure that you can successfully browse the Internet
and then quit the Java applet.
Then go to VPN > Monitor > SSL-VPN Monitor to verify the list of SSL users.
Thank you for watching. For more information, you can access Fortinet's Documentation Library at docs.fortinet.com.
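The pre-check called for earlier (the SSL VPN tunnel address range must differ from the internal network) can be run before the address objects are created. This is an added example, not part of the original video or of Fortinet's tooling; the function names and all addresses are constructed for illustration.

```python
import ipaddress

def parse_tunnel_range(text):
    """Turn 'start-end' (an IP range object) or CIDR text into a list of networks."""
    text = text.strip()
    if "-" not in text:
        return [ipaddress.ip_network(text, strict=False)]
    start_s, end_s = (part.strip() for part in text.split("-", 1))
    start, end = ipaddress.ip_address(start_s), ipaddress.ip_address(end_s)
    if start.version != end.version:
        raise ValueError("range mixes IPv4 and IPv6: %s" % text)
    if start > end:
        raise ValueError("range start is above range end: %s" % text)
    # A range such as .200-.210 is not one CIDR block; split it into the
    # smallest set of networks that covers exactly those addresses.
    return list(ipaddress.summarize_address_range(start, end))

def find_overlaps(tunnel_range, internal_subnets):
    """Return (tunnel_block, internal_subnet) pairs that share addresses."""
    hits = []
    tunnel_nets = parse_tunnel_range(tunnel_range)
    for subnet in internal_subnets:
        lan = ipaddress.ip_network(subnet, strict=False)
        for block in tunnel_nets:
            if block.version == lan.version and block.overlaps(lan):
                hits.append((str(block), str(lan)))
    return hits

if __name__ == "__main__":
    # Constructed sample values: one internal LAN and two candidate tunnel ranges.
    internal = ["192.168.1.0/24"]
    for candidate in ("10.99.0.10-10.99.0.50", "192.168.1.200-192.168.1.210"):
        clashes = find_overlaps(candidate, internal)
        if clashes:
            print("%s: OVERLAPS internal network" % candidate)
            for block, lan in clashes:
                print("  tunnel block %s falls inside %s" % (block, lan))
        else:
            print("%s: OK, distinct from internal network" % candidate)
```

An empty result means the tunnel range can be used as the SSL VPN IP range without colliding with the local LAN address object.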