Fortinet black logo
Best Practices | Solutions Hub



Quick Start

This section outlines a recommended basic SSL VPN setup for remote access

  • Tunnel mode SSL VPN with split tunneling
  • Local user configuration
  • Remote Access to a single network via FortiClient VPN client
  • Setting up a basic split tunnel SSL VPN
  • Downloading FortiClient standalone VPN client
  • Connecting from FortiClient VPN client

With Multi-Factor Authentication

  • Setting up a SSL VPN tunnel with FortiToken MFA
  • Downloading the FortiToken Mobile App
  • Connecting from FortiClient with FortiToken

Additional SSL VPN Solutions

This section covers more variations of SSL VPN setups. Please review Best Practices first to understand more about the solutions

  • Best Practices in configuring SSL VPN


  • SSL VPN full tunnel for remote user
  • SSL VPN web mode for remote user

Enterprise Authentication

  • SSL VPN with LDAP user authentication
  • SSL VPN for different User Groups and Access Permissions
  • FortiGate SAML SP for VPN authentication
  • FortiClient SAML support for SSL VPN

High Performance VPN Load Balancing

  • Load balancing SSL VPN with FortiADC and FortiGates


  • Troubleshooting SSL-VPN

IPSEC VPN Solutions

  • IPSEC VPN with FortiClient dialup client
  • Connecting the FortiClient for IPSEC VPN
  • Adding FortiToken MFA to IPSEC VPN
  • Adding LDAP user authentication to IPSEC VPN
  • Load balancing IPSEC VPN with FortiADC and FortiGates
  • Troubleshooting IPSEC VPN

Multi-Factor Authentication


  • FortiToken Mobile Quick Start Guide
  • Using IOS In-app purchase to buy more tokens

Using FortiToken Cloud Multi-Factor Authentication Service

  • FortiToken Cloud Quick Start Guide


  • SSL VPN with RADIUS on FortiAuthenticator
  • SSL VPN with RADIUS and FortiToken mobile push on FortiAuthenticator

Fully Managed Remote Endpoints

FortiClient EMS and FortiClient Cloud Solutions

This section outlines solutions for centrally managing your remote endpoints.

  • Understanding FortiClient Licensing
  • Setting up your EMS Server
  • Importing Endpoints from AD Server
  • Provisioning FortiClient from EMS Server
  • Using FortiClient Trial License
  • Managing clients with FortiClient Cloud
  • Restricting VPN access using Zero Trust Tagging

Fully Managed Remote Access Points

Remote FortiAP Solutions

This section outlines solutions for centrally managing your remote wireless networks.

  • Deploying secured remote APs for the Teleworker