config vpn ssl web portal

Portal.

    config vpn ssl web portal
        Description: Portal.
        edit <name>
            set tunnel-mode [enable|disable]
            set ip-mode [range|user-group]
            set auto-connect [enable|disable]
            set keep-alive [enable|disable]
            set save-password [enable|disable]
            set ip-pools <name1>, <name2>, ...
            set exclusive-routing [enable|disable]
            set service-restriction [enable|disable]
            set split-tunneling [enable|disable]
            set split-tunneling-routing-negate [enable|disable]
            set split-tunneling-routing-address <name1>, <name2>, ...
            set dns-server1 {ipv4-address}
            set dns-server2 {ipv4-address}
            set dns-suffix {var-string}
            set wins-server1 {ipv4-address}
            set wins-server2 {ipv4-address}
            set ipv6-tunnel-mode [enable|disable]
            set ipv6-pools <name1>, <name2>, ...
            set ipv6-exclusive-routing [enable|disable]
            set ipv6-service-restriction [enable|disable]
            set ipv6-split-tunneling [enable|disable]
            set ipv6-split-tunneling-routing-negate [enable|disable]
            set ipv6-split-tunneling-routing-address <name1>, <name2>, ...
            set ipv6-dns-server1 {ipv6-address}
            set ipv6-dns-server2 {ipv6-address}
            set ipv6-wins-server1 {ipv6-address}
            set ipv6-wins-server2 {ipv6-address}
            set web-mode [enable|disable]
            set display-bookmark [enable|disable]
            set user-bookmark [enable|disable]
            set allow-user-access {option1}, {option2}, ...
            set user-group-bookmark [enable|disable]
            config bookmark-group
                Description: Portal bookmark group.
                edit <name>
                    config bookmarks
                        Description: Bookmark table.
                        edit <name>
                            set apptype [ftp|rdp|...]
                            set url {var-string}
                            set host {var-string}
                            set folder {var-string}
                            set domain {var-string}
                            set additional-params {var-string}
                            set description {var-string}
                            set keyboard-layout [ar-101|ar-102|...]
                            set security [rdp|nla|...]
                            set send-preconnection-id [enable|disable]
                            set preconnection-id {integer}
                            set preconnection-blob {var-string}
                            set load-balancing-info {var-string}
                            set restricted-admin [enable|disable]
                            set port {integer}
                            set logon-user {var-string}
                            set logon-password {password}
                            set color-depth [32|16|...]
                            set sso [disable|static|...]
                            config form-data
                                Description: Form data.
                                edit <name>
                                    set value {var-string}
                                next
                            end
                            set sso-credential [sslvpn-login|alternative]
                            set sso-username {var-string}
                            set sso-password {password}
                            set sso-credential-sent-once [enable|disable]
                        next
                    end
                next
            end
            set display-connection-tools [enable|disable]
            set display-history [enable|disable]
            set display-status [enable|disable]
            set rewrite-ip-uri-ui [enable|disable]
            set heading {string}
            set redir-url {var-string}
            set theme [jade|neutrino|...]
            set custom-lang {string}
            set smb-ntlmv1-auth [enable|disable]
            set smbv1 [enable|disable]
            set smb-min-version [smbv1|smbv2|...]
            set smb-max-version [smbv1|smbv2|...]
            set use-sdwan [enable|disable]
            set prefer-ipv6-dns [enable|disable]
            set clipboard [enable|disable]
            set host-check [none|av|...]
            set host-check-interval {integer}
            set host-check-policy <name1>, <name2>, ...
            set limit-user-logins [enable|disable]
            set mac-addr-check [enable|disable]
            set mac-addr-action [allow|deny]
            config mac-addr-check-rule
                Description: Client MAC address check rule.
                edit <name>
                    set mac-addr-mask {integer}
                    set mac-addr-list <addr1>, <addr2>, ...
                next
            end
            set os-check [enable|disable]
            config os-check-list
                Description: SSL-VPN OS checks.
                edit <name>
                    set action [deny|allow|...]
                    set tolerance {integer}
                    set latest-patch-level {user}
                next
            end
            set forticlient-download [enable|disable]
            set forticlient-download-method [direct|ssl-vpn]
            set customize-forticlient-download-url [enable|disable]
            set windows-forticlient-download-url {var-string}
            set macos-forticlient-download-url {var-string}
            set skip-check-for-unsupported-os [enable|disable]
            set skip-check-for-browser [enable|disable]
            set hide-sso-credential [enable|disable]
            config split-dns
                Description: Split DNS for SSL-VPN.
                edit <id>
                    set domains {var-string}
                    set dns-server1 {ipv4-address}
                    set dns-server2 {ipv4-address}
                    set ipv6-dns-server1 {ipv6-address}
                    set ipv6-dns-server2 {ipv6-address}
                next
            end
        next
    end

config vpn ssl web portal

| Parameter | Description | Type | Size | Default | Options |
|---|---|---|---|---|---|
| `tunnel-mode` | Enable/disable IPv4 SSL-VPN tunnel mode. | option | - | disable | `enable`: Enable setting. `disable`: Disable setting. |
| `ip-mode` | Method by which users of this SSL-VPN tunnel obtain IP addresses. | option | - | range | `range`: Use the IP addresses available for all SSL-VPN users as defined by the SSL settings command. `user-group`: Use the IP addresses associated with individual users or user groups (usually from external auth servers). |
| `auto-connect` | Enable/disable automatic connect by client when system is up. | option | - | disable | `enable`: Enable setting. `disable`: Disable setting. |
| `keep-alive` | Enable/disable automatic reconnect for FortiClient connections. | option | - | disable | `enable`: Enable setting. `disable`: Disable setting. |
| `save-password` | Enable/disable FortiClient saving the user's password. | option | - | disable | `enable`: Enable setting. `disable`: Disable setting. |
| `ip-pools <name>` | IPv4 firewall source address objects reserved for SSL-VPN tunnel mode clients. Address name. | string | Maximum length: 79 | | |
| `exclusive-routing` | Enable/disable sending all traffic through the tunnel only. | option | - | disable | `enable`: Enable setting. `disable`: Disable setting. |
| `service-restriction` | Enable/disable tunnel service restriction. | option | - | disable | `enable`: Enable setting. `disable`: Disable setting. |
| `split-tunneling` | Enable/disable IPv4 split tunneling. | option | - | enable | `enable`: Enable setting. `disable`: Disable setting. |
| `split-tunneling-routing-negate` | Enable to negate split tunneling routing address. | option | - | disable | `enable`: Enable setting. `disable`: Disable setting. |
| `split-tunneling-routing-address <name>` | IPv4 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access. Address name. | string | Maximum length: 79 | | |
| `dns-server1` | IPv4 DNS server 1. | ipv4-address | Not Specified | 0.0.0.0 | |
| `dns-server2` | IPv4 DNS server 2. | ipv4-address | Not Specified | 0.0.0.0 | |
| `dns-suffix` | DNS suffix. | var-string | Maximum length: 253 | | |
| `wins-server1` | IPv4 WINS server 1. | ipv4-address | Not Specified | 0.0.0.0 | |
| `wins-server2` | IPv4 WINS server 2. | ipv4-address | Not Specified | 0.0.0.0 | |
| `ipv6-tunnel-mode` | Enable/disable IPv6 SSL-VPN tunnel mode. | option | - | disable | `enable`: Enable setting. `disable`: Disable setting. |
| `ipv6-pools <name>` | IPv6 firewall source address objects reserved for SSL-VPN tunnel mode clients. Address name. | string | Maximum length: 79 | | |
| `ipv6-exclusive-routing` | Enable/disable sending all IPv6 traffic through the tunnel only. | option | - | disable | `enable`: Enable setting. `disable`: Disable setting. |
| `ipv6-service-restriction` | Enable/disable IPv6 tunnel service restriction. | option | - | disable | `enable`: Enable setting. `disable`: Disable setting. |
| `ipv6-split-tunneling` | Enable/disable IPv6 split tunneling. | option | - | enable | `enable`: Enable setting. `disable`: Disable setting. |
| `ipv6-split-tunneling-routing-negate` | Enable to negate IPv6 split tunneling routing address. | option | - | disable | `enable`: Enable setting. `disable`: Disable setting. |
| `ipv6-split-tunneling-routing-address <name>` | IPv6 SSL-VPN tunnel mode firewall address objects that override firewall policy destination addresses to control split-tunneling access. Address name. | string | Maximum length: 79 | | |
| `ipv6-dns-server1` | IPv6 DNS server 1. | ipv6-address | Not Specified | :: | |
| `ipv6-dns-server2` | IPv6 DNS server 2. | ipv6-address | Not Specified | :: | |
| `ipv6-wins-server1` | IPv6 WINS server 1. | ipv6-address | Not Specified | :: | |
| `ipv6-wins-server2` | IPv6 WINS server 2. | ipv6-address | Not Specified | :: | |
| `web-mode` | Enable/disable SSL-VPN web mode. | option | - | disable | `enable`: Enable setting. `disable`: Disable setting. |
| `display-bookmark` | Enable to display the web portal bookmark widget. | option | - | enable | `enable`: Enable setting. `disable`: Disable setting. |
| `user-bookmark` | Enable to allow web portal users to create their own bookmarks. | option | - | enable | `enable`: Enable setting. `disable`: Disable setting. |
| `allow-user-access` | Allow user access to SSL-VPN applications. | option | - | web ftp smb sftp telnet ssh vnc rdp ping | `web`: HTTP/HTTPS access. `ftp`: FTP access. `smb`: SMB/CIFS access. `sftp`: SFTP access. `telnet`: TELNET access. `ssh`: SSH access. `vnc`: VNC access. `rdp`: RDP access. `ping`: PING access. |
| `user-group-bookmark` | Enable to allow web portal users to create bookmarks for all users in the same user group. | option | - | enable | `enable`: Enable setting. `disable`: Disable setting. |
| `display-connection-tools` | Enable to display the web portal connection tools widget. | option | - | enable | `enable`: Enable setting. `disable`: Disable setting. |
| `display-history` | Enable to display the web portal user login history widget. | option | - | enable | `enable`: Enable setting. `disable`: Disable setting. |
| `display-status` | Enable to display the web portal status widget. | option | - | enable | `enable`: Enable setting. `disable`: Disable setting. |
| `rewrite-ip-uri-ui` | Rewrite contents for URIs that contain an IP address and "/ui/". | option | - | disable | `enable`: Enable contents rewrite for URIs that contain "IP-address/ui/". `disable`: Disable contents rewrite for URIs that contain "IP-address/ui/". |
| `heading` | Web portal heading message. | string | Maximum length: 31 | SSL-VPN Portal | |
| `redir-url` | Client login redirect URL. | var-string | Maximum length: 255 | | |
| `theme` | Web portal color scheme. | option | - | neutrino | `jade`: Jade theme. `neutrino`: Neutrino theme. `mariner`: Mariner theme. `graphite`: Graphite theme. `melongene`: Melongene theme. `dark-matter`: Dark Matter theme. `onyx`: Onyx theme. `eclipse`: Eclipse theme. |
| `custom-lang` | Change the web portal display language. Overrides `config system global set language`. You can use `config system custom-language` and `execute system custom-language` to add custom language files. | string | Maximum length: 35 | | |
| `smb-ntlmv1-auth` | Enable support of NTLMv1 for Samba authentication. | option | - | disable | `enable`: Enable setting. `disable`: Disable setting. |
| `smbv1` | smbv1 | option | - | disable | `enable`: enable. `disable`: disable. |
| `smb-min-version` | SMB minimum client protocol version. | option | - | smbv2 | `smbv1`: SMB version 1. `smbv2`: SMB version 2. `smbv3`: SMB version 3. |
| `smb-max-version` | SMB maximum client protocol version. | option | - | smbv3 | `smbv1`: SMB version 1. `smbv2`: SMB version 2. `smbv3`: SMB version 3. |
| `use-sdwan` | Use SD-WAN rules to get output interface. | option | - | disable | `enable`: Enable setting. `disable`: Disable setting. |
| `prefer-ipv6-dns` | Prefer to query IPv6 DNS first if enabled. | option | - | disable | `enable`: Enable setting. `disable`: Disable setting. |
| `clipboard` | Enable to support RDP/VNC clipboard functionality. | option | - | enable | `enable`: Enable support of RDP/VNC clipboard. `disable`: Disable support of RDP/VNC clipboard. |
| `host-check` | Type of host checking performed on endpoints. | option | - | none | `none`: No host checking. `av`: AntiVirus software recognized by the Windows Security Center. `fw`: Firewall software recognized by the Windows Security Center. `av-fw`: AntiVirus and firewall software recognized by the Windows Security Center. `custom`: Custom. |
| `host-check-interval` | Periodic host check interval. Value of 0 means disabled and host checking only happens when the endpoint connects. | integer | Minimum value: 120 Maximum value: 259200 | 0 | |
| `host-check-policy <name>` | One or more policies to require the endpoint to have specific security software. Host check software list name. | string | Maximum length: 79 | | |
| `limit-user-logins` | Enable to limit each user to one SSL-VPN session at a time. | option | - | disable | `enable`: Enable setting. `disable`: Disable setting. |
| `mac-addr-check` | Enable/disable MAC address host checking. | option | - | disable | `enable`: Enable setting. `disable`: Disable setting. |
| `mac-addr-action` | Client MAC address action. | option | - | allow | `allow`: Allow connection when client MAC address is matched. `deny`: Deny connection when client MAC address is matched. |
| `os-check` | Enable to let the FortiGate decide action based on client OS. | option | - | disable | `enable`: Enable setting. `disable`: Disable setting. |
| `forticlient-download` | Enable/disable download option for FortiClient. | option | - | enable | `enable`: Enable setting. `disable`: Disable setting. |
| `forticlient-download-method` | FortiClient download method. | option | - | direct | `direct`: Download via direct link. `ssl-vpn`: Download via SSL-VPN. |
| `customize-forticlient-download-url` | Enable support of customized download URL for FortiClient. | option | - | disable | `enable`: Enable setting. `disable`: Disable setting. |
| `windows-forticlient-download-url` | Download URL for Windows FortiClient. | var-string | Maximum length: 1023 | | |
| `macos-forticlient-download-url` | Download URL for Mac FortiClient. | var-string | Maximum length: 1023 | | |
| `skip-check-for-unsupported-os` | Enable to skip host check if client OS does not support it. | option | - | enable | `enable`: Enable setting. `disable`: Disable setting. |
| `skip-check-for-browser` | Enable to skip host check for browser support. | option | - | enable | `enable`: Enable setting. `disable`: Disable setting. |
| `hide-sso-credential` | Enable to prevent SSO credential being sent to client. | option | - | enable | `enable`: Enable setting. `disable`: Disable setting. |

config bookmarks

| Parameter | Description | Type | Size | Default | Options |
|---|---|---|---|---|---|
| `apptype` | Application type. | option | - | web | `ftp`: FTP. `rdp`: RDP. `sftp`: SFTP. `smb`: SMB/CIFS. `ssh`: SSH. `telnet`: Telnet. `vnc`: VNC. `web`: HTTP/HTTPS. |
| `url` | URL parameter. | var-string | Maximum length: 128 | | |
| `host` | Host name/IP parameter. | var-string | Maximum length: 128 | | |
| `folder` | Network shared file folder parameter. | var-string | Maximum length: 128 | | |
| `domain` | Login domain. | var-string | Maximum length: 128 | | |
| `additional-params` | Additional parameters. | var-string | Maximum length: 128 | | |
| `description` | Description. | var-string | Maximum length: 128 | | |

keyboard-layout