Creating SSL VPN portal profiles
To create SSL VPN portal profiles, you must be logged in as an administrator with sufficient privileges. Multiple profiles can be created.
To create portal profiles:
- Go to VPN Manager > SSL-VPN and select Portal Profiles in the tree menu.
- Click Create New in the toolbar, or right-click and select Create New. The Create New pane is displayed.
- Configure the following settings, then select OK to create the profile.
Name
Enter a name for the portal.
Limit Users to One SSL VPN Connection at a Time
Set the SSL VPN tunnel so that each user can only be logged in to the tunnel one time per user log in. Once they are logged in to the portal, they cannot go to another system and log in with the same credentials until they log out of the first connection.
Tunnel Mode
Select to configure and enable tunnel mode access. These settings determine how tunnel mode clients are assigned IPv4 addresses.
Enable Split Tunneling
Select so that the VPN carries only the traffic for the networks behind the FortiGate unit. The user’s other traffic follows its normal route.
Routing Address
If you enable split tunneling, you are required to set the address that your corporate network is using. Traffic intended for the routing address will not be split from the tunnel.
Source IP Pools
Select an IPv4 pool for users to acquire an IP address when connecting to the portal. There is always a default pool available if you do not create your own.
IPv6 Tunnel Mode
Select to configure and enable tunnel mode access. These settings determine how tunnel mode clients are assigned IPv6 addresses.
Enable IPv6 Split Tunneling
Select so that the VPN carries only the traffic for the networks behind the FortiGate unit. The user’s other traffic follows its normal route.
IPv6 Routing Address
If you enable split tunneling, you are required to set the address that your corporate network is using. Traffic intended for the routing address will not be split from the tunnel.
Source IP Pools
Select an IPv6 pool for users to acquire an IP address when connecting to the portal. There is always a default pool available if you do not create your own.
Tunnel Mode Client Options
These options affect how the FortiClient application behaves when connected to the FortiGate VPN tunnel. When enabled, a checkbox for the corresponding option appears on the VPN log in screen in FortiClient, and is disabled by default.
Allow client to save password
The user's password is stored on the user’s computer and will automatically populate each time they connect to the VPN.
Allow client to connect automatically
When the FortiClient application is launched, for example after a reboot or system start up, FortiClient will automatically attempt to connect to the VPN tunnel.
Allow client to keep connections alive
The FortiClient connection will not shut down. When not selected, during periods of inactivity, FortiClient will attempt to stay connected every three minutes for a maximum of 10 minutes.
Enable Web Mode
Select to enable web mode access.
Portal Message
The text header that appears on the top of the web portal.
Theme
A color styling specifically for the web portal: blue, green, mariner, melongene, or red.
Show Session Information
Display the Session Information widget on the portal page. The widget displays the log in name of the user, the amount of time the user has been logged in, and the inbound and outbound traffic statistics.
Show Connection Launcher
Display the Connection Launcher widget on the portal page. Use the widget to connect to an internal network resource without adding a bookmark to the bookmark list. You select the type of resource and specify the URL or IP address of the host computer.
Show Login History
Include user log in history on the web portal, then specify the number of history entries.
User Bookmarks
Include bookmarks on the web portal.
Bookmarks are used as links to internal network resources. When a bookmark is selected from a bookmark list, a pop-up window opens with the web page. VNC and RDP require a browser plugin. FTP and Samba replace the bookmarks page with an HTML file-browser.
Pre-Defined Bookmarks
The list of predefined bookmarks.
Click Create New to add a bookmark. See Predefined bookmarks for information.
Enable FortiClient Download
Select to enable FortiClient downloads.
Download Method
Select the method to use for downloading FortiClient from the SSL VPN portal. Choose between Direct and SSL-VPN Proxy.
This option is only available when Enable FortiClient Download is On.
Customize Download Location
Select to specify a custom location to use for downloading FortiClient. You can specify a location for FortiClient (Windows) and FortiClient (Mac). Type the URL in the Windows box and/or Mac box.
This option is only available when Enable FortiClient Download is On.
Advanced Options
Configure advanced options. For information, see the FortiOS CLI Reference.