Fortinet Document Library

Administration Guide

Creating SSL VPN portal profiles

To create SSL VPN portal profiles, you must be logged in as an administrator with sufficient privileges. Multiple profiles can be created.

To create portal profiles:
  1. Go to VPN Manager > SSL-VPN and select Portal Profiles in the tree menu.
  2. Click Create New in the toolbar, or right-click and select Create New. The Create New pane is displayed.

  3. Configure the following settings, then select OK to create the profile.

    Name

    Enter a name for the portal.

    Limit Users to One SSL VPN Connection at a Time

    Restrict each user to a single SSL VPN connection at a time. Once a user is logged in to the portal, they cannot go to another system and log in with the same credentials until they log out of the first connection.

    Tunnel Mode

    Select to configure and enable tunnel mode access. These settings determine how tunnel mode clients are assigned IPv4 addresses.

     

    Enable Split Tunneling

    Select so that the VPN carries only the traffic for the networks behind the FortiGate unit. The user’s other traffic follows its normal route.

     

    Routing Address

    If you enable split tunneling, you must set the address that your corporate network is using. Traffic destined for the routing address stays in the tunnel and is not split from it.

     

    Source IP Pools

    Select an IPv4 pool for users to acquire an IP address when connecting to the portal. There is always a default pool available if you do not create your own.

    IPv6 Tunnel Mode

    Select to configure and enable tunnel mode access. These settings determine how tunnel mode clients are assigned IPv6 addresses.

     

    Enable IPv6 Split Tunneling

    Select so that the VPN carries only the traffic for the networks behind the FortiGate unit. The user’s other traffic follows its normal route.

     

    IPv6 Routing Address

    If you enable split tunneling, you must set the address that your corporate network is using. Traffic destined for the routing address stays in the tunnel and is not split from it.

     

    Source IP Pools

    Select an IPv6 pool for users to acquire an IP address when connecting to the portal. There is always a default pool available if you do not create your own.

    Tunnel Mode Client Options

    These options affect how the FortiClient application behaves when connected to the FortiGate VPN tunnel. When enabled, a checkbox for the corresponding option appears on the VPN log in screen in FortiClient, and is disabled by default.

     

    Allow client to save password

    The user's password is stored on the user’s computer and will automatically populate each time they connect to the VPN.

     

    Allow client to connect automatically

    When the FortiClient application is launched, for example after a reboot or system start up, FortiClient will automatically attempt to connect to the VPN tunnel.

     

    Allow client to keep connections alive

    When selected, the FortiClient connection will not shut down. When not selected, during periods of inactivity, FortiClient will attempt to stay connected every three minutes, for a maximum of 10 minutes.

    Enable Web Mode

    Select to enable web mode access.

     

    Portal Message

    The text header that appears on the top of the web portal.

     

    Theme

    A color styling specifically for the web portal: blue, green, mariner, melongene, or red.

     

    Show Session Information

    Display the Session Information widget on the portal page. The widget displays the log in name of the user, the amount of time the user has been logged in, and the inbound and outbound traffic statistics.

     

    Show Connection Launcher

    Display the Connection Launcher widget on the portal page. Use the widget to connect to an internal network resource without adding a bookmark to the bookmark list. You select the type of resource and specify the URL or IP address of the host computer.

     

    Show Login History

    Include user log in history on the web portal, then specify the number of history entries.

     

    User Bookmarks

    Include bookmarks on the web portal.

    Bookmarks are used as links to internal network resources. When a bookmark is selected from a bookmark list, a pop-up window opens with the web page. VNC and RDP require a browser plugin. FTP and Samba replace the bookmarks page with an HTML file-browser.

     

    Pre-Defined Bookmarks

    The list of predefined bookmarks.

    Click Create New to add a bookmark. See Predefined bookmarks for information.

     

    Enable FortiClient Download

    Select to enable FortiClient downloads.

     

    Download Method

    Select the method to use for downloading FortiClient from the SSL VPN portal. Choose between Direct and SSL-VPN Proxy.

    This option is only available when Enable FortiClient Download is On.

     

    Customize Download Location

    Select to specify a custom location to use for downloading FortiClient. You can specify a location for FortiClient (Windows) and FortiClient (Mac). Type the URL in the Windows box and/or Mac box.

    This option is only available when Enable FortiClient Download is On.

    Advanced Options

    Configure advanced options. For information, see the FortiOS CLI Reference.
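
An added example, not part of the Fortinet guide: a small audit of how the options above appear once a portal profile is installed on a FortiGate. It assumes the FortiOS CLI key names under `config vpn ssl web portal`, uses a constructed configuration excerpt with made-up portal names, and applies a review policy chosen here for illustration (saved passwords, concurrent logins, split tunneling without a routing address).

```python
import re
# Constructed FortiOS-style excerpt for illustration; portal and address names are made up.
SAMPLE_CONFIG = """
config vpn ssl web portal
    edit "staff-tunnel"
        set split-tunneling enable
        set split-tunneling-routing-address "corp-net"
        set limit-user-logins enable
        config bookmark-group
            edit "gui-bookmarks"
            next
        end
    next
    edit "contractor"
        set split-tunneling enable
        set save-password enable
    next
end
"""

def parse_portals(text):
    """Return {portal: {key: value}}, skipping nested config blocks."""
    portals, current, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth = depth + 1 if depth else int(line == "config vpn ssl web portal")
        elif line == "end" and depth:
            depth -= 1
        elif depth == 1:
            if m := re.match(r'edit "?([^"]+)"?$', line):
                current = portals.setdefault(m.group(1), {})
            elif line == "next":
                current = None
            elif current is not None and (m := re.match(r"set (\S+) (.+)$", line)):
                current[m.group(1)] = m.group(2).strip('"')
    return portals

def audit(portals):
    """Return (portal, key) pairs to review. Absent keys count as not enabled (assumption)."""
    findings = []
    for name, cfg in sorted(portals.items()):
        if cfg.get("save-password") == "enable":  # password kept on the endpoint
            findings.append((name, "save-password"))
        if cfg.get("limit-user-logins") != "enable":  # concurrent logins allowed
            findings.append((name, "limit-user-logins"))
        if cfg.get("split-tunneling") == "enable" and not cfg.get("split-tunneling-routing-address"):
            findings.append((name, "split-tunneling-routing-address"))  # no routing address
    return findings

print(audit(parse_portals(SAMPLE_CONFIG)))
```

Because a key that is missing from the input is treated as not enabled, run it against a full configuration dump so that default values appear explicitly.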
