Adding security policies

  1. To add an address for the local network, go to Policy & Objects > Addresses.
  2. Set Type to Subnet, Subnet/IP Range to the local subnet, and Interface to lan.

  3. To create a security policy allowing access to the internal network through the VPN tunnel interface, go to Policy & Objects > IPv4 Policy.
  4. Set Incoming Interface to ssl.root and Outgoing Interface to lan. Select Source and set Address to all and User to the Employee user group. Set Destination to the local network address, Service to ALL, and enable NAT.

  5. Add a second security policy allowing SSL VPN access to the Internet.

     Note: If you are allowing split tunneling, this policy is not required.

  6. For this policy, set Incoming Interface to ssl.root and Outgoing Interface to wan1. Select Source and set Address to all and User to the Employee user group.
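
The same address object and two policies expressed as FortiOS CLI configuration, as an added example that is not part of the original cookbook. The address name Local_LAN, the policy names and the 192.168.1.0/24 subnet are placeholders; the schedule in both policies and the destination, service and NAT settings of the second policy are not given on the page and are assumptions.

```fortios
# Address object for the local network (steps 1-2).
# 192.168.1.0/24 is a placeholder: substitute the real local subnet.
config firewall address
    edit "Local_LAN"
        set type ipmask
        set subnet 192.168.1.0 255.255.255.0
        set associated-interface "lan"
    next
end

config firewall policy
    # Policy 1 (steps 3-4): SSL VPN users to the internal network.
    # "edit 0" asks FortiOS to assign the next free policy ID.
    edit 0
        set name "sslvpn-to-lan"
        set srcintf "ssl.root"
        set dstintf "lan"
        set srcaddr "all"
        set groups "Employee"
        set dstaddr "Local_LAN"
        set action accept
        # Assumption: schedule is not stated on the page.
        set schedule "always"
        set service "ALL"
        set nat enable
    next
    # Policy 2: SSL VPN users to the Internet.
    # Leave this policy out when split tunneling is allowed.
    edit 0
        set name "sslvpn-to-internet"
        set srcintf "ssl.root"
        set dstintf "wan1"
        set srcaddr "all"
        set groups "Employee"
        # Assumptions: the page gives only interfaces and source here.
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```

Both policies match on the Employee group through `set groups`, so traffic arriving on ssl.root from users outside that group is not accepted by either policy.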
