Fortinet black logo

Remote access

Copy Link
Copy Doc ID 7c8e21ef-1be2-11ec-8c53-00505692583a:307697
Download PDF

Remote access

The number of remote workers is increasing, and networks are expanding into thin branch networks and the cloud. Secure remote access is advancing to meet the requirements of increasingly distributed environments. Assess your requirements and review the available options to determine the solution that best meets your requirements.

Fortinet has IPsec and SSL VPN options. SSL VPN has two modes: tunnel and web.

Regardless of the chosen remote access method, there are several options to enhance the security of the connection:

  • Remote authentication servers

    Integrating a remote server for user accounts avoids duplicating accounts on the FortiGate, enabling scalability and reducing human caused errors.

  • Certificates

    As a VPN gateway, the FortiGate that you are connecting to can utilize server certificates to prove its identity to the connecting device without requiring confirmation from the end user.

    User certificates can be used in place of passwords. Administrators should assign a unique certificate to each user.

  • Multi-factor authentication

    MFA increases the difficulty for an attacker that is trying to establish a connection using a compromised account.

  • TLS version and cipher suites

    Setting a minimum TLS version and using high strength cipher suites can enhance security.

Remote access

The number of remote workers is increasing, and networks are expanding into thin branch networks and the cloud. Secure remote access is advancing to meet the requirements of increasingly distributed environments. Assess your requirements and review the available options to determine the solution that best meets your requirements.

Fortinet has IPsec and SSL VPN options. SSL VPN has two modes: tunnel and web.

Regardless of the chosen remote access method, there are several options to enhance the security of the connection:

  • Remote authentication servers

    Integrating a remote server for user accounts avoids duplicating accounts on the FortiGate, enabling scalability and reducing human caused errors.

  • Certificates

    As a VPN gateway, the FortiGate that you are connecting to can utilize server certificates to prove its identity to the connecting device without requiring confirmation from the end user.

    User certificates can be used in place of passwords. Administrators should assign a unique certificate to each user.

  • Multi-factor authentication

    MFA increases the difficulty for an attacker that is trying to establish a connection using a compromised account.

  • TLS version and cipher suites

    Setting a minimum TLS version and using high strength cipher suites can enhance security.