Administration Guide

Configuring SSL VPN connections

  1. On the Remote Access tab, click Configure VPN.

  2. Select SSL-VPN, then configure the following settings:

    Connection Name

    Enter a name for the connection.

    Description

    (Optional) Enter a description for the connection.

    Remote Gateway

    Enter the IP address/hostname of the remote gateway. Multiple remote gateways can be configured by separating each entry with a semicolon. If one gateway is not available, the VPN connects to the next configured gateway.

    Customize port

    Change the port. The default port is 443.

    Client Certificate

    Enable client certificates, then select Prompt on connect or the certificate from the dropdown list.

    Authentication

    Select Prompt on login or Save login. The Disable option is available when Client Certificate is enabled.

    Username

    If you selected Save login, type the username to save for the login.

    Do not Warn Invalid Server Certificate

    Select this option to suppress the warning that appears when the server presents an invalid certificate.

    +

    Select the add icon to add a new connection.

    -

    Select a connection and then select the delete icon to delete a connection.

  3. Click Save to save the VPN connection.

FortiClient supports split DNS tunneling for SSL VPN portals, which allows you to specify which domains are resolved by the DNS server specified by the VPN, while all other domains are resolved by the DNS specified locally. This requires configuring split DNS support via the FortiOS CLI. See split-dns in the FortiOS CLI Reference.

If using FortiClient on a Windows Server 2016 machine, ensure IE Enhanced Security is disabled. Otherwise, SSL VPN may not function as configured.
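
Added example (not part of the Fortinet guide and not FortiClient code): a pre-deployment check that every entry in a semicolon-separated Remote Gateway value presents a certificate that validates, so that Do not Warn Invalid Server Certificate can stay unselected. It assumes Python's default trust store reflects what the endpoints trust; the function names and sample hostnames are constructed for illustration.

```python
import socket
import ssl

DEFAULT_PORT = 443  # default SSL VPN port stated in the guide


def parse_remote_gateways(field):
    """Split a Remote Gateway value on semicolons, preserving failover order."""
    gateways = []
    for entry in field.split(";"):
        entry = entry.strip()
        if entry and entry not in gateways:  # skip blanks and repeated entries
            gateways.append(entry)
    return gateways


def check_gateway_certificate(host, port=DEFAULT_PORT, timeout=5.0):
    """Return (ok, detail) after a TLS handshake with chain and name validation."""
    context = ssl.create_default_context()  # verifies the chain and the hostname/IP
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with context.wrap_socket(sock, server_hostname=host) as tls:
                return True, tls.version()
    except ssl.SSLCertVerificationError as exc:
        # This is the condition that would trigger the client-side warning.
        return False, "invalid certificate: " + exc.verify_message
    except (OSError, ssl.SSLError) as exc:
        return False, "unreachable or TLS failure: %s" % exc


def audit(field, port=DEFAULT_PORT, checker=check_gateway_certificate):
    """Check each gateway in failover order; returns [(host, ok, detail), ...]."""
    return [(gw,) + tuple(checker(gw, port)) for gw in parse_remote_gateways(field)]


if __name__ == "__main__":
    # Constructed sample value; replace with the Remote Gateway field you deploy.
    sample = "vpn1.example.com; vpn2.example.com;192.0.2.10"
    for host, ok, detail in audit(sample):
        print(("OK   " if ok else "FAIL ") + host + " " + detail)
```

Pass the value of Customize port as `port` when the gateways do not listen on 443. Because the VPN connects to the next configured gateway when one is unavailable, a certificate problem on a later entry only surfaces during failover, which is why every entry is checked.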
