Time
1 hour 35 minutes
Difficulty
Beginner

Video Description

In this video, you will learn how to configure SSL VPN for a remote worker to connect to a FortiGate-protected network, and enforce your security policies. You will create a remote worker named Jack. When Jack works at home, or on his travels, he can go to the web portal using any device with Internet access and FortiClient. The SSL VPN tunnel provides an encrypted communication path for Jack to connect to internal network connections and protected Internet access. Visit Fortinet's documentation library at http://docs.fortinet.com.

Video Transcription

00:00
In this video, you will learn how to configure SSL VPN for a remote worker to connect to a FortiGate-protected network and enforce your security policies.
00:10
You'll create a remote worker named Jack. When Jack works at home or on his travels, he can go to the web portal using any device with Internet access and FortiClient. The SSL VPN tunnel provides an encrypted communication path for Jack to connect to internal network connections and protected Internet access.
00:37
First, you are going to set up the VPN portal for both tunnel mode and web mode.
00:43
Go to VPN > SSL > Portals.
00:47
Edit the full access portal
00:52
Enable tunnel mode.
00:54
Do not enable split tunnelling. This will keep all your Internet traffic going through the FortiGate unit and be subject to security profiles.
01:03
Enable Web mode
01:06
Also enable Status Information, Connection Tool, and FortiClient Download
01:11
for mobile users to download the FortiClient app.
01:15
Enable User Bookmarks and Create New in the predefined bookmark area. Bookmarks are used as links to internal network resources. To connect to your Windows server, add a bookmark for a remote desktop connection. Set the category to Remote Desktop. For the name, enter Windows Server.
01:34
Set the type to RDP.
01:38
Enter your host's network address.
01:42
For the user name, enter Jack. Enter a safe password. The same username and password you just entered will be used in the next step to create the user Jack.
01:57
Next, go to User and Device > User > User Definition to create a remote user.
02:05
For the user name, enter Jack. Enter the same safe password.
02:09
Add the email address, phone number and service type.
02:15
Select enable.
02:17
Then go to User and Device > User > User Groups to create a group for your remote user.
02:24
Create a user group for SSL VPN connections.
02:30
Set the type to firewall.
02:31
Add Jack as a member
02:43
Before you begin, ensure that your SSL VPN tunnel address range is different from that of your internal network.
02:50
Go to Policy and Objects > Objects > Addresses to add an address for the local network. Create a local LAN address
03:01
with the local subnet
03:08
and ensure visibility is selected.
03:15
Go to VPN > SSL > Settings to define how users can connect and interact with SSL VPN portals on your FortiGate. Set Listen on Interfaces to your external interface.
03:30
Listen on port 443 and allow access from any host.
03:36
Select Specify custom IP ranges and set the IP range to the SSL VPN tunnel
03:43
Under Authentication/Portal Mapping, add the SSL VPN user group.
03:53
Go to Policy and Objects > Policy > IPv4
03:59
and create two security policies to allow internal network access and Internet access.
04:05
Create the first policy.
04:10
Set the incoming interface to ssl.root,
04:14
the source address to the SSL VPN tunnel address 1,
04:18
the source user to the SSL VPN group,
04:24
and set the outgoing interface to your internal interface so that the VPN traffic can flow between the remote user and the FortiGate.
04:32
Set destination address to your local LAN address.
04:36
Enable NAT and configure any remaining firewall and security options as desired.
04:47
Next, create a second security policy allowing SSL VPN access to the Internet.
04:56
Set the incoming interface to the VPN tunnel interface ssl.root,
05:00
the source address to SSL VPN tunnel address 1,
05:05
the source user to SSL VPN group,
05:10
the outgoing interface to your external interface, which is usually wan1.
05:15
Set the destination address to all and configure the rest as normal.
05:35
Finally, set your FortiGate unit to verify that users have current antivirus software.
05:42
Go to System > Status > Dashboard and open the CLI Console.
05:46
Enter config vpn ssl web portal
05:51
edit full-access
05:54
set host-check av
05:57
end. These commands enable the host to check for compliant antivirus software on the remote user's computer.
06:08
Go to VPN > SSL > Settings and find your web mode URL to access the VPN portal.
06:15
Log in to the portal using Jack's user credentials.
06:19
The FortiGate unit performs the host check. After the check is complete, the portal should appear.
06:27
You may need to install the FortiClient application using the available download link.
06:31
Sign in to the FortiClient application with Jack's user credentials. For remote access,
06:41
connect to the SSL VPN tunnel.
06:44
Select the bookmark Remote Desktop link to begin an RDP session with the Windows Server.
06:54
Ensure that you can successfully browse the Internet
07:01
and then quit the Java applet.
07:10
Then go to VPN > Monitor > SSL VPN Monitor to verify the list of SSL users.
07:21
Thank you for watching. For more information, you can access Fortinet's documentation library at docs.fortinet.com.
