Fortinet FORTIOS V3.0 MR7 manual


Good instruction manual

The law requires the seller to give the buyer the Fortinet FORTIOS V3.0 MR7 instruction manual together with the product. A missing manual, or incorrect information supplied to the consumer, is grounds for a complaint that the product does not conform to the contract. The law allows the manual to be supplied in a form other than paper, which has become quite common lately: manufacturers provide a graphic manual, an electronic version of the Fortinet FORTIOS V3.0 MR7 manual, or instructional videos for users. The condition is that it be in a legible and understandable form.

What is an instruction manual?

The name comes from the Latin word “instructio”, that is, to put in order. A Fortinet FORTIOS V3.0 MR7 manual therefore describes the steps to follow. The purpose of a manual is to teach and to make it easier to start up or use a device or to carry out specific actions. An instruction manual is also a source of information about an object or a service; it is a hint.

Unfortunately, few users take the time to read Fortinet FORTIOS V3.0 MR7 manuals; however, a good manual lets us not only learn about a number of additional features of the purchased device but also avoid most faults.

So what should the perfect instruction manual contain?

Above all, a Fortinet FORTIOS V3.0 MR7 instruction manual should contain:
- information about the technical specifications of the Fortinet FORTIOS V3.0 MR7 device
- the manufacturer's name and the year of manufacture of the Fortinet FORTIOS V3.0 MR7 device
- conditions of use, configuration and maintenance of the Fortinet FORTIOS V3.0 MR7 device
- safety marks and certificates confirming compliance with the relevant standards

Why don't we read instruction manuals?

Usually it is for lack of time and of certainty about the specific features of the purchased devices. Unfortunately, connecting and switching on Fortinet FORTIOS V3.0 MR7 is not enough. An instruction manual always contains a series of pointers on specific features, safety rules, maintenance advice (including which products to use), possible faults of Fortinet FORTIOS V3.0 MR7 and ways of solving problems that may arise during use. Finally, a manual gives the details of Fortinet technical service in case the proposed solutions have not worked. Nowadays, instruction manuals in the form of engaging animations or video manuals are popular, and they reach the user much better than a booklet does. This kind of manual helps the user watch the whole video without skipping the specifications and complicated technical descriptions of Fortinet FORTIOS V3.0 MR7, as tends to happen with a paper version.

Why is it worth reading instruction manuals?

Above all, it is there that we find answers about the construction and capabilities of the Fortinet FORTIOS V3.0 MR7 device, the use of particular accessories, and a range of information that lets us take full advantage of its functions and conveniences.

After a successful purchase of a piece of equipment or a device, it is worth taking a moment to become familiar with each part of the Fortinet FORTIOS V3.0 MR7 manual. Nowadays they are prepared and translated with care, so that they are not only understandable to users but also fulfil their basic function of informing and helping.

Instruction manual index

  • Page 1

    www.fortinet.com FortiOS v3.0 MR7 SSL VPN User Guide USER GUIDE[...]

  • Page 2

    FortiGate v3.0 MR7 SSL VPN User Guide 18 July 2008 01-30007-0348-20080718 © Copyright 2008 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for a[...]

  • Page 3

    Contents FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 3 Contents: Introduction, 7; About FortiGate SSL VPN, 7; About this document[...]

  • Page 4

    FortiOS v3.0 MR7 SSL VPN User Guide 4 01-30007-0348-20080718 Contents: Configuring SSL VPN settings, 36; Enabling SSL VPN connections and editing SSL VPN settings, 36; Specifying a port number for web portal connections[...]

  • Page 5

    Contents FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 5 Tunnel-mode features, 80; Working with the ActiveX/Java Platform plug-in, 81; Uninstalling the ActiveX/Java Platform plugin[...]

  • Page 6

    FortiOS v3.0 MR7 SSL VPN User Guide 6 01-30007-0348-20080718 Contents[...]

  • Page 7

    Introduction About FortiGate SSL VPN FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 7 Introduction This section introduces you to FortiGate™ Secure Sockets Layer (SSL) VPN technology and provides supplementary information about Fortinet™ publications. The following topics are included in this section: • About FortiGate SSL [...]

  • Page 8

    FortiOS v3.0 MR7 SSL VPN User Guide 8 01-30007-0348-20080718 About this document Introduction Whether to use web-only or tunnel mode depends on the number and type of applications installed on the remote computer. Access to any application not supported through web-only mode can be supported through tunnel mode. For more information about the[...]

  • Page 9

    Introduction FortiGate documentation FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 9 Typographic conventions FortiGate documentation uses the following typographical conventions: FortiGate documentation The most up-to-date publications and previous releases of Fortinet product documentation are available from the Fortinet Te[...]

  • Page 10

    FortiOS v3.0 MR7 SSL VPN User Guide 10 01-30007-0348-20080718 Related documentation Introduction • FortiGate CLI Reference Describes how to use the FortiGate CLI and contains a reference to all FortiGate CLI commands. • FortiGate Log Message Reference Available exclusively from the Fortinet Knowledge Center, the FortiGate Log Message Ref[...]

  • Page 11

    Introduction Related documentation FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 11 FortiClient documentation • FortiClient Host Security User Guide Describes how to use FortiClient Host Security software to set up a VPN connection from your computer to remote networks, scan your computer for viruses, and restrict access to your [...]

  • Page 12

    FortiOS v3.0 MR7 SSL VPN User Guide 12 01-30007-0348-20080718 Customer service and technical support Introduction Comments on Fortinet technical documentation Please send information about any errors or omissions in this document, or any Fortinet technical documentation, to techdoc@fortinet.com. Customer service and technical support For[...]

  • Page 13

    Configuring a FortiGate SSL VPN Comparison of SSL and IPSec VPN technology FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 13 Configuring a FortiGate SSL VPN This section provides a comparison of SSL and IPSec VPN technology, in addition to an overview of the two modes of SSL VPN operation. The high-level steps for configuring each[...]

  • Page 14

    FortiOS v3.0 MR7 SSL VPN User Guide 14 01-30007-0348-20080718 Comparison of SSL and IPSec VPN technology Configuring a FortiGate SSL VPN Legacy versus web-enabled applications IPSec is well suited to network-based legacy applications that are not web-based. As a layer 3 technology, IPSec creates a secure tunnel between two host devices. IP [...]

  • Page 15

    Configuring a FortiGate SSL VPN SSL VPN modes of operation FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 15 SSL VPNs provide secure access to certain applications. Web-only mode provides remote users with access to server applications from any thin client computer equipped with a web browser. Tunnel-mode provides remote us[...]

  • Page 16

    FortiOS v3.0 MR7 SSL VPN User Guide 16 01-30007-0348-20080718 SSL VPN modes of operation Configuring a FortiGate SSL VPN In web-only mode, the FortiGate unit acts as a secure HTTP/HTTPS gateway and authenticates remote users as members of a user group. After successful authentication, the FortiGate unit redirects the web browser to the web po [...]

  • Page 17

    Configuring a FortiGate SSL VPN Topology FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 17 When the user initiates a VPN connection with the FortiGate unit through the SSL VPN client, the FortiGate unit establishes a tunnel with the client and assigns the client a virtual IP address from a range of reserved addresses. The clien[...]

  • Page 18

    FortiOS v3.0 MR7 SSL VPN User Guide 18 01-30007-0348-20080718 Topology Configuring a FortiGate SSL VPN Figure 1: Example SSL VPN configuration To provide remote clients with access to all of the servers on Subnet_1 from the Internet, you would configure FortiGate_1 as follows: • Create an SSL VPN user group and include the remote users in t[...]

  • Page 19

    Configuring a FortiGate SSL VPN Configuration overview FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 19 Configuration overview Before you begin, install your choice of HTTP/HTTPS, telnet, SSH, FTP, SMB/CIFS, VNC, and/or RDP server applications on the internal network. As an alternative, these services may be accessed remotely t[...]

  • Page 20

    FortiOS v3.0 MR7 SSL VPN User Guide 20 01-30007-0348-20080718 Configuring the SSL VPN client Configuring a FortiGate SSL VPN SSL VPN Virtual Desktop application. The virtual desktop application creates a virtual desktop on a user's PC and monitors the data read/write activity of the web browser running inside the virtual desktop. When the[...]

  • Page 21

    Configuring a FortiGate SSL VPN Configuring the SSL VPN client FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 21 The FortiGate index page opens. 4 Select v3.0 and then MR7. This takes you to the page with firmware images for MR7. 5 Select SSL VPN Clients.[...]

  • Page 22

    FortiOS v3.0 MR7 SSL VPN User Guide 22 01-30007-0348-20080718 Configuring the SSL VPN client Configuring a FortiGate SSL VPN 6 To download the SSL VPN Virtual Desktop, select SSLVPNVirtualDesktopSetup_3.0.384.exe and follow the InstallShield Wizard instructions. Figure 2: FortiClient SSL VPN InstallShield Wizard welcome screen 7 To run the [...]

  • Page 23

    Configuring a FortiGate SSL VPN Configuring the SSL VPN client FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 23 The FortiGate unit will redirect your web browser to the FortiGate SSL VPN Remote Access Web Portal home page automatically. The fields in the Tools area enable you to specify the URL or IP address of a host compu[...]

  • Page 24

    FortiOS v3.0 MR7 SSL VPN User Guide 24 01-30007-0348-20080718 Configuring the SSL VPN client Configuring a FortiGate SSL VPN To download the SSL VPN standalone tunnel client (Windows) 1 Go to the Fortinet Technologies home page at http://support.fortinet.com/ and select Support. 2 Under Support, enter your user name and password. This tak[...]

  • Page 25

    Configuring a FortiGate SSL VPN Configuring the SSL VPN client FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 25 This takes you to the page with firmware images for MR7. 5 Select SSL VPN Clients. 6 To download the SSL VPN Windows client application, select FortiClientSSLVPNSetup_3.0.384.exe or FortiClientSSLVPN_3.0_384.msi and follo[...]

  • Page 26

    FortiOS v3.0 MR7 SSL VPN User Guide 26 01-30007-0348-20080718 Configuring the SSL VPN client Configuring a FortiGate SSL VPN To use the SSL VPN standalone tunnel client (Windows) 1 Go to Start > All Programs > Fortinet > FortiClient SSL VPN > FortiClient SSL VPN. 2 Select Connect. 3 To manually terminate the connection, select E[...]

  • Page 27

    Configuring a FortiGate SSL VPN Configuring the SSL VPN client FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 27 To download the SSL VPN standalone tunnel client (Linux) 1 Go to the Fortinet Technologies home page at http://support.fortinet.com/ and select Support. 2 Under Support, enter your user name and password. This takes[...]

  • Page 28

    FortiOS v3.0 MR7 SSL VPN User Guide 28 01-30007-0348-20080718 Configuring the SSL VPN client Configuring a FortiGate SSL VPN This takes you to the page with firmware images for MR7. 5 Select SSL VPN Clients. 6 To download the SSL VPN standalone tunnel client (Linux), select forticlientsslvpn_linux_3.0.384.tar.gz, extract the package file to [...]

  • Page 29

    Configuring a FortiGate SSL VPN Configuring the SSL VPN client FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 29 The FortiClient SSL VPN tunnel client (Linux) opens. After this initial setup is complete, a user with a normal (non-administrator) account can establish a SSL VPN tunnel session.[...]

  • Page 30

    FortiOS v3.0 MR7 SSL VPN User Guide 30 01-30007-0348-20080718 Configuring the SSL VPN client Configuring a FortiGate SSL VPN To use the SSL VPN standalone tunnel client (Linux) 1 Go to the folder that you downloaded the Linux tunnel client application into, and double-click on ‘forticlientsslvpn’. The FortiClient SSL VPN tunnel client ([...]

  • Page 31

    Configuring a FortiGate SSL VPN Configuring the SSL VPN client FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 31 To uninstall the SSL VPN standalone tunnel client (Linux) Remove/delete the folder containing all the SSL VPN client application files. To download the SSL VPN standalone tunnel client (MacOS) 1 Go to the Fortinet T[...]

  • Page 32

    FortiOS v3.0 MR7 SSL VPN User Guide 32 01-30007-0348-20080718 Configuring the SSL VPN client Configuring a FortiGate SSL VPN 4 Select v3.0 and then MR7. This takes you to the page with firmware images for MR7. 5 Select SSL VPN Clients. 6 To download the SSL VPN MacOS client application, double-click on the client file forticlientsslvpn_macosx_3[...]

  • Page 33

    Configuring a FortiGate SSL VPN Configuring the SSL VPN client FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 33 To use the SSL VPN standalone tunnel client (MacOS) 1 Go to the Applications folder and double-click on forticlientsslvpn. The FortiClient SSL VPN tunnel client (MacOS) opens. To uninstall the SSL VPN standalone tun[...]

  • Page 34

    FortiOS v3.0 MR7 SSL VPN User Guide 34 01-30007-0348-20080718 Configuring SSL VPN settings Configuring a FortiGate SSL VPN Configuring SSL VPN settings You can configure and manage the FortiGate unit through a secure HTTP (HTTPS) connection from any computer running a web browser. For information about how to connect to the web-based manager [...]

  • Page 35

    Configuring a FortiGate SSL VPN Configuring SSL VPN settings FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 35 Figure 5: Edit SSL VPN settings Enable SSL VPN Select to enable SSL VPN connections. Tunnel IP Range Specify the range of IP addresses reserved for tunnel-mode SSL VPN clients. Type the starting and ending address that d[...]

  • Page 36

    FortiOS v3.0 MR7 SSL VPN User Guide 36 01-30007-0348-20080718 Configuring SSL VPN settings Configuring a FortiGate SSL VPN When you finish making your selections, select Apply. Specifying a port number for web portal connections You can optionally specify a different TCP port number for users to access the web portal login page through the HT[...]

  • Page 37

    Configuring a FortiGate SSL VPN Configuring SSL VPN settings FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 37 To reserve a range of IP addresses for tunnel-mode clients 1 Go to VPN > SSL > Config. 2 In the Tunnel IP Range fields, type the starting and ending IP addresses (for example, 10.254.254.80 to 10.254.254.100). 3 S[...]

  • Page 38

    FortiOS v3.0 MR7 SSL VPN User Guide 38 01-30007-0348-20080718 Configuring SSL VPN settings Configuring a FortiGate SSL VPN Setting the client authentication timeout setting The client authentication timeout setting controls how long an authenticated connection will remain connected. When this time expires, the system forces the remote client [...]

  • Page 39

    Configuring a FortiGate SSL VPN Configuring user accounts and SSL VPN user groups FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 39 2 Select the Edit icon in the row that corresponds to the SSL VPN user group. 3 Expand SSL-VPN User Group Options. 4 In the Redirect URL field, type the URL of the web page that you want to display[...]

  • Page 40

    FortiOS v3.0 MR7 SSL VPN User Guide 40 01-30007-0348-20080718 Configuring user accounts and SSL VPN user groups Configuring a FortiGate SSL VPN You can choose to use a plain text password for authentication through the FortiGate unit (Local domain), forward authentication requests to an external RADIUS or LDAP server, or utilize PKI certifi[...]

  • Page 41

    Configuring a FortiGate SSL VPN Configuring user accounts and SSL VPN user groups FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 41 To create a user group 1 Go to User > User Group and select Create New. 2 In the Name field, type a name for the group (for example, Web-only_group). 3 From the Type drop-down list, select[...]

  • Page 42

    FortiOS v3.0 MR7 SSL VPN User Guide 42 01-30007-0348-20080718 Configuring user accounts and SSL VPN user groups Configuring a FortiGate SSL VPN 7 To activate the split tunnel feature, select Enable Split Tunneling. Split tunneling ensures that only the traffic for the private network is sent to the SSL VPN gateway. Internet traffic is sent [...]

  • Page 43

    Configuring a FortiGate SSL VPN Configuring firewall policies FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 43 Require Virtual Desktop Connection prevents a user from establishing a SSL VPN session without using the SSL VPN Virtual Desktop application. For more information, see the SSL VPN User Guide. 11 To enable the FortiG[...]

  • Page 44

    FortiOS v3.0 MR7 SSL VPN User Guide 44 01-30007-0348-20080718 Configuring firewall policies Configuring a FortiGate SSL VPN • specifying the level of SSL encryption to use and the authentication method • binding the user group to the firewall policy The following topics are included in this section: • Configuring firewall addresses • C[...]

  • Page 45

    Configuring a FortiGate SSL VPN Configuring firewall policies FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 45 5 Select OK. To define the firewall policy for web-only mode connections 1 Go to Firewall > Policy and select Create New. 2 Enter these settings in particular: 3 Select OK. 4 If the user group requires access to anoth[...]

  • Page 46

    FortiOS v3.0 MR7 SSL VPN User Guide 46 01-30007-0348-20080718 Configuring firewall policies Configuring a FortiGate SSL VPN Configuring tunnel-mode firewall policies Follow the procedures in this section to complete a tunnel-mode configuration. These procedures assume that you have already completed the procedures found in “Configuring user[...]

  • Page 47

    Configuring a FortiGate SSL VPN Configuring firewall policies FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 47 3 From the Type list, select Subnet/IP Range. 4 In the Subnet/IP Range field, type the corresponding IP address and subnet mask (for example, 172.16.10.0/24). If the remote client’s IP address is unknown, the Subnet [...]

  • Page 48

    FortiOS v3.0 MR7 SSL VPN User Guide 48 01-30007-0348-20080718 Configuring SSL VPN event-logging Configuring a FortiGate SSL VPN 3 Select OK. 4 If the user group requires access to another server or network, create the IP destination address (see “To specify the destination IP address” on page 46) and repeat this procedure to create the requi[...]

  • Page 49

    Configuring a FortiGate SSL VPN Monitoring active SSL VPN sessions FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 49 4 If logs will be written to system memory, from the Log Level list, select Information. For more information, see the “Log & Report” chapter of the FortiGate Administration Guide. 5 Select Apply. To filt[...]

  • Page 50

    FortiOS v3.0 MR7 SSL VPN User Guide 50 01-30007-0348-20080718 Configuring SSL VPN bookmarks and bookmark groups Configuring a FortiGate SSL VPN Figure 7: Monitor list: Tunnel-mode connection If required, you can end a session/connection by selecting the Delete button in the row that corresponds to the connection. Configuring SSL VPN bookma[...]

  • Page 51

    Configuring a FortiGate SSL VPN Configuring SSL VPN bookmarks and bookmark groups FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 51 • Viewing the SSL VPN Bookmark Groups list • Configuring SSL VPN bookmark groups Configuring SSL VPN bookmarks Go to VPN > SSL > Bookmark and select Create New to create hyperlinks to frequ[...]

  • Page 52

    FortiOS v3.0 MR7 SSL VPN User Guide 52 01-30007-0348-20080718 Configuring SSL VPN bookmarks and bookmark groups Configuring a FortiGate SSL VPN • Viewing the SSL VPN Bookmark Groups list • Configuring SSL VPN bookmark groups Viewing the SSL VPN Bookmark Groups list You can create a group of specific bookmarks that can be included in the co[...]

  • Page 53

    Configuring a FortiGate SSL VPN Configuring SSL VPN bookmarks and bookmark groups FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 53 See also • Configuring SSL VPN settings • Monitoring active SSL VPN sessions • Configuring SSL VPN bookmarks and bookmark groups • Viewing the SSL VPN bookmark list • Configuring SSL VPN bookma[...]

  • Page 54

    FortiOS v3.0 MR7 SSL VPN User Guide 54 01-30007-0348-20080718 SSL VPN host OS patch check Configuring a FortiGate SSL VPN SSL VPN host OS patch check SSL VPN Client OS Patch Check feature allows a client with a specific OS patch to access SSL VPN services. The host check only works on Windows platforms. This means that MacOS/Linux users can [...]

  • Page 55

    Configuring a FortiGate SSL VPN Granting unique access permissions for SSL VPN tunnel user groups FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 55 set tolerance 1 end config sslvpn-os-check-list "windows-xp" set action allow end set member "u1" set sslvpn-split-tunneling enable set sslvpn-http enable next end con[...]

  • Page 56

    FortiOS v3.0 MR7 SSL VPN User Guide 56 01-30007-0348-20080718 Granting unique access permissions for SSL VPN tunnel user groups Configuring a FortiGate SSL VPN Sample configuration for unique access permissions with tunnel mode user groups In this sample configuration, there are two user groups, each one with a dedicated IP address range. Fir[...]

  • Page 57

    Configuring a FortiGate SSL VPN Granting unique access permissions for SSL VPN tunnel user groups FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 57 Go to User > User Group. Create group1 as an SSL VPN user group with user1 as the member and 10.1.1.1 - 10.1.1.50 as the values in ‘Restrict tunnel IP range for this group’. Fig[...]

  • Page 58

    FortiOS v3.0 MR7 SSL VPN User Guide 58 01-30007-0348-20080718 Granting unique access permissions for SSL VPN tunnel user groups Configuring a FortiGate SSL VPN Figure 17: Source/destination firewall addresses - Public IP Figure 18: Source/destination firewall addresses - Linux/Windows PC After creating the source and destination addresses, [...]

  • Page 59

    Configuring a FortiGate SSL VPN Granting unique access permissions for SSL VPN tunnel user groups FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 59 Figure 19: user1 firewall policy The user2 policy is also an SSL-VPN firewall policy that includes the applicable source and destination addresses, and has group2 as the user group a[...]

  • Page 60

    FortiOS v3.0 MR7 SSL VPN User Guide 60 01-30007-0348-20080718 SSL VPN virtual interface (ssl.root) Configuring a FortiGate SSL VPN Figure 21: Firewall policy list To avoid overlap with other firewall policies, add a DENY policy below the SSL VPN policies (the source is the SSL VPN tunnel IP range). See Configuring firewall policies for more in[...]

  • Page 61

    Configuring a FortiGate SSL VPN SSL VPN virtual interface (ssl.root) FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 61 Go to Firewall > Policy and select Create New to create a firewall policy. For a standard configuration, set up the firewall policies listed below. To allow ssl users to browse the Internet through the Fort[...]

  • Page 62

    FortiOS v3.0 MR7 SSL VPN User Guide 62 01-30007-0348-20080718 SSL VPN dropping connections Configuring a FortiGate SSL VPN SSL VPN dropping connections When a FortiGate unit has multiple internet connections, the SSL VPN client can connect to the SSL VPN web portal, but when attempting to click Connect to start tunnel mode SSL VPN, the tunnel [...]

  • Page 63

    Configuring a FortiGate SSL VPN SSL VPN dropping connections FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 63[...]

  • Page 64

    FortiOS v3.0 MR7 SSL VPN User Guide 64 01-30007-0348-20080718 SSL VPN dropping connections Configuring a FortiGate SSL VPN[...]

  • Page 65

    Working with the web portal Connecting to the FortiGate unit FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 65 Working with the web portal This section introduces the web portal features and explains how to configure them. The following topics are included in this section: • Connecting to the FortiGate unit • Web portal home [...]

  • Page 66

    FortiOS v3.0 MR7 SSL VPN User Guide 66 01-30007-0348-20080718 Web portal home page features Working with the web portal 4 When you are prompted for your user name and password: • In the Name field, type your user name. • In the Password field, type your password. 5 Select Login. The FortiGate unit will redirect your web browser to [...]

  • Page 67

    Working with the web portal Web portal home page features FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 67 Figure 22: FortiGate SSL VPN Remote Access Web Portal page If your user account permits web-only mode access, and your administrator has set up pre-defined bookmarks for you, they will appear in a list under Pre-defined B[...]

  • Page 68

    FortiOS v3.0 MR7 SSL VPN User Guide 68 01-30007-0348-20080718 Launching web portal applications Working with the web portal In the Tools area, you can connect to a web server or start a telnet session. You can also check connectivity to a host or server on the network behind the FortiGate unit. For more information, see “Starting a sessi[...]

  • Page 69

    Working with the web portal Launching web portal applications FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 69 The encryption key is only valid for the current user session. Once the user logs out, the key is no longer valid. In the case of FTP and SMB, the path/filename is translated into its hex value for internal encoding purpo[...]

  • Page 70

    FortiOS v3.0 MR7 SSL VPN User Guide 70 01-30007-0348-20080718 Launching web portal applications Working with the web portal To add an HTTP or HTTPS connection and access the web server 1 Select Add Bookmark. 2 In the Title field, type a name to represent the connection. 3 From the Application Type list, select Web. 4 In the URL[...]

  • Page 71

    Working with the web portal Launching web portal applications FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 71 The FortiGate unit replaces the URL with https://<FG_IP_address>:<port_no>/proxy/http/<specified_URL> and the requested page is displayed. 7 To end the session, close the browser window. To add a t[...]

  • Page 72

    FortiOS v3.0 MR7 SSL VPN User Guide 72 01-30007-0348-20080718 Launching web portal applications Working with the web portal 9 To end the session, select Disconnect (or type exit) and then close the TELNET connection window. To add an FTP connection and start an FTP session 1 Select Add Bookmark. 2 In the Title field, type a name to r[...]

  • Page 73

    Working with the web portal Launching web portal applications FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 73 After you log in, the files and subdirectories in the root directory are displayed. You can switch to a subdirectory from the root directory. For example, the following image shows the contents of a subdirectory named s[...]

  • Page 74

    FortiOS v3.0 MR7 SSL VPN User Guide 74 01-30007-0348-20080718 Launching web portal applications Working with the web portal 5 Select OK. 6 To start a SMB/CIFS session, select the hyperlink that you created. 7 When you are prompted to log in to the remote host, type your user name and password. You must have a user account on the remote host to[...]

  • Page 75

    Working with the web portal Launching web portal applications FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 75 To add a VNC connection and start a VNC session 1 Select Add Bookmark. 2 In the Title field, type a name to represent the connection. 3 From the Application Type list, select VNC. 4 In the Host Name/IP field, type th[...]

  • Page 76

    FortiOS v3.0 MR7 SSL VPN User Guide 76 01-30007-0348-20080718 Launching web portal applications Working with the web portal To add a RDP connection and start a RDP session 1 Select Add Bookmark. 2 In the Title field, type a name to represent the connection. 3 From the Application Type list, select RDP. 4 In the Shared File Folde[...]

  • Page 77

    Working with the web portal Launching web portal applications FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 77 6 To start a RDP session, select the hyperlink that you created. 7 When you see a screen configuration dialog, click OK. 8 When you are prompted to log in to the remote host, type your user name and password. You must [...]

  • Page 78

    FortiOS v3.0 MR7 SSL VPN User Guide 78 01-30007-0348-20080718 Launching web portal applications Working with the web portal To add a SSH connection and start a SSH session 1 Select Add Bookmark. 2 In the Title field, type a name to represent the connection. 3 From the Application Type list, select SSH. 4 In the Host Name/IP fiel[...]

  • Page 79

    Working with the web portal Launching web portal applications FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 79 8 A SSH session starts and you are prompted to log in to the remote host. You must have a user account to log in. After you log in, you may enter any series of valid commands at the system prompt. 9 To end the session,[...]

  • Page 80

    FortiOS v3.0 MR7 SSL VPN User Guide 80 01-30007-0348-20080718 Starting a session from the Tools area Working with the web portal Starting a session from the Tools area You can connect to any web server or telnet server without adding a bookmark to the My Bookmarks list. The fields in the Tools area enable you to specify the URL or IP addre[...]

  • Page 81

    Working with the web portal Tunnel-mode features FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 81 Figure 25: Fortinet SSL VPN Client 1.0 page (tunnel mode) Working with the ActiveX/Java Platform plug-in The ActiveX/Java Platform plug-ins provide the software that your client computer needs to establish an SSL VPN tunnel wit[...]

  • Page 82

    FortiOS v3.0 MR7 SSL VPN User Guide 82 01-30007-0348-20080718 Tunnel-mode features Working with the web portal To download and install the ActiveX/Java Platform plugin 1 At the top of the web portal home page, select the Activate SSL-VPN Tunnel Mode link. 2 The FortiGate unit may prompt you to install a Fortinet SSL VPN Client plugin. Foll[...]

  • Page 83

    Working with the web portal Logging out FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 83 2 Select Connect. Figure 26: Tunnel established After the “Fortinet SSL VPN client connected to server” message is displayed and the Disconnect button is enabled (see Figure 26), you have direct access to the network behind the FortiGa[...]

  • Page 84

    FortiOS v3.0 MR7 SSL VPN User Guide 84 01-30007-0348-20080718 Logging out Working with the web portal[...]

  • Page 85

    Index FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 85 Index A ActiveX plugin downloading 81 uninstalling 83 applications, web-portal 68 authentication timeout setting 40 B bookmarks user-defined 69 C certificates allow group certificate 47 self signed 65 X.509 20 cifs session, establishing 73 cipher suite, SSL negotiations 39 client[...]

  • Page 86

    FortiOS v3.0 MR7 SSL VPN User Guide 86 01-30007-0348-20080718 Index K keyboard setting, rdp 76 L logging filtering SSL VPN events 51 setting event-logging parameters 50 viewing SSL VPN event logs 51 logging in to FortiGate secure HTTP gateway 65 logging out from web portal page 83 M modes of operation 7, 15 tunnel mode 17 web-only mode 15 My Boo[...]

  • Page 87

    Index FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080718 87 V Virtual Desktop 21 downloading 21 running 21 using 21 vnc session, establishing 75 VPN tunnel, initiating 82 W web portal 69 adding caption to home page 40 applications 68 customizing login page 41 Fortinet SSL VPN Client area 80, 82 home page features 66 redirecting to popup [...]

  • Page 88

    FortiOS v3.0 MR7 SSL VPN User Guide 88 01-30007-0348-20080718 Index[...]

  • Page 89

    www.fortinet.com[...]

  • Page 90

    www.fortinet.com[...]