- Go to VPN > SSL-VPN Settings.
- Set Listen on Interface(s) to wan1.
Set Listen on Port to 10443 to avoid port conflicts.
Set Restrict Access to Allow access from any host.
In this example, Server Certificate uses the Fortinet_Factory certificate. To ensure that traffic is secure, use your own CA-signed certificate. .
Under Tunnel Mode Client Settings, set IP Ranges to use the default IP range SSLVPN_TUNNEL_ADDR1.
- Under Authentication/Portal Mapping, select Create New.
Add the Employees user group and map it to the full-access Portal.
If necessary, map a portal for All Other Users/Groups.