Configuring the SSL-VPN
To configure the SSL-VPN:
- On the FortiGate, go to VPN > SSL-VPN Portals, and edit the full-access portal.
  Toggle Enable Split Tunneling so that it is disabled.
- Go to VPN > SSL-VPN Settings.
  Under Connection Settings, set Listen on Interface(s) to wan1 and Listen on Port to 10443.
  Under Tunnel Mode Client Settings, select Specify custom IP ranges. By default, the IP Ranges should be set to SSLVPN_TUNNEL_ADDR1 and its IPv6 version.
  Under Authentication/Portal Mapping, select Create New.
  Set the SSLVPNGroup user group to the full-access portal, and assign All Other Users/Groups to web-access. This grants all other users access to the web portal only.
- Then go to Policy & Objects > IPv4 Policy and create a new SSL VPN policy.
  Set Incoming Interface to the SSL-VPN tunnel interface and set Outgoing Interface to the Internet-facing interface (in this case, wan1).
  Set Source to the SSLVPNGroup user group and the all address.
  Set Destination to all, Schedule to always, Service to ALL, and enable NAT.
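The same three steps expressed in the FortiOS CLI, which makes the settings easier to review and diff than the GUI. This is an added example, not taken from the original page; it assumes a single-VDOM unit where the SSL-VPN tunnel interface is ssl.root and the default IPv6 pool object is SSLVPN_TUNNEL_IPv6_ADDR1, and the policy name is a placeholder. Lines starting with # are annotations.

```fortios
# Step 1: full-access portal, split tunneling disabled so that all
# client traffic is sent through the FortiGate.
config vpn ssl web portal
    edit "full-access"
        set split-tunneling disable
    next
end

# Step 2: listener, tunnel address pools, and portal mapping.
# default-portal is what "All Other Users/Groups" maps to in the GUI.
config vpn ssl settings
    set source-interface "wan1"
    set port 10443
    set tunnel-ip-pools "SSLVPN_TUNNEL_ADDR1"
    # Assumed name of the default IPv6 pool object.
    set tunnel-ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
    set default-portal "web-access"
    config authentication-rule
        edit 1
            set groups "SSLVPNGroup"
            set portal "full-access"
        next
    end
end

# Step 3: policy from the SSL-VPN tunnel interface to the Internet.
# "edit 0" creates the policy with the next free ID.
config firewall policy
    edit 0
        # Placeholder name, not from the original page.
        set name "SSLVPN-to-Internet"
        # Assumed tunnel interface name (root VDOM).
        set srcintf "ssl.root"
        set dstintf "wan1"
        set srcaddr "all"
        set groups "SSLVPNGroup"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```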