Fortinet FORTIOS V3.0 MR7 инструкция обслуживания

www.fortinet.com FortiO S v 3. 0 MR 7 SSL VPN User Guide USER GUIDE[...]

FortiGate v 3.0 MR7 SSL VPN User Guide 18 July 2008 01-30007-03 48-20080718 © Copyright 2008 Fortine t, Inc. All rights reserved. No part of this publication including text, examp l es, diagrams or illustrations may be re produced, transmitted, or translate d in any form or by any means, electronic, mechanical, manual, op tical or otherwise, for a[...]

Contents FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 3 Contents Introduction ............... ................................. .............................. .......... 7 About FortiGate SSL VPN ................................. ................ ................... ............. 7 About this document ............... ............. ..[...]

FortiOS v3.0 MR7 SSL VPN User Guide 4 01-30007-0348-200807 18 Contents Configuring SSL VPN settings ...... ... ... .... ... ... ... ....... ... ... ... .... ... ... ... ... .... ... ... ... . 36 Enabling SSL VPN connecti ons and editing SSL V PN settings .. .............. 36 Specifying a port number for web portal connections ......... ............[...]

Contents FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 5 Tunnel-mode features ..... .................... ................ ................... ................ ........ 80 Working with the ActiveX/J ava Platform plug-in .... .......................... ........... 81 Uninstalling the ActiveX/Java Platform plugin ....... ................[...]

FortiOS v3.0 MR7 SSL VPN User Guide 6 01-30007-0348-200807 18 Contents[...]

Introduction About FortiGate SSL VPN FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-2008071 8 7 Introduction This section introduces you to FortiG ate™ Secure Sockets Layer (SSL) VPN technology and provides suppleme nta ry in formation about For tinet™ publications. The following topics are incl uded in this section: • About FortiGate SSL [...]

FortiOS v3.0 MR7 SSL VPN User Guide 8 01-30007-0348-200807 18 About this document Introduction Whether to use web- only or tunnel mode dep ends on the number an d type of applications installed on the remote computer . Access to any application not supported through web-only mode can be supported through tunn el mode. For more information about the[...]

Introduction FortiGate documentation FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 9 Typographic conventions FortiGate document ation uses the fo llowing typographical co nventions: FortiGate document ation The most up-to-date publication s and pr evious rele ases of For tinet produc t documentation are available from the Fortinet T e[...]

FortiOS v3.0 MR7 SSL VPN User Guide 10 01-30007-0348-200807 18 Related documentation Introduction • FortiGate CLI Reference Describes how to use the FortiGa te CL I and c ontains a refere nce to all FortiGate CLI commands. • FortiGate Log Message Refere nce Available exclusively from the Fortinet Knowledge Center , the FortiGate Log Message Ref[...]

Introduction Related documentation FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 11 FortiClient documentation • FortiClient Host Se curity User Guide Describes how to use Fort iClient Host Security software to set up a VPN connection from your computer to rem ote networks, scan your computer for viruses, and restrict access to your [...]

FortiOS v3.0 MR7 SSL VPN User Guide 12 01-30007-0348-200807 18 Customer service and technical support Introduction Comments on Fortinet t echnical documentation Please send inform a tio n ab ou t an y er ro rs or omissions in this document, or any Fortinet technical docu mentation, to techdoc@fortinet.com. Customer service and technical support For[...]

Configuring a FortiGate SSL VPN Comp arison of SSL and IPSec VPN technology FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-2008071 8 13 Configuring a FortiGate SSL VPN This section pr ovides a comparison of SSL and IPSec VPN technology , in addition to an overview of the two modes of SSL VPN oper ation. The high-level step s for configuring each[...]

FortiOS v3.0 MR7 SSL VPN User Guide 14 01-30007-0348-200807 18 Comparison of SSL and IPSec VPN technology Configuring a FortiGate SSL VPN Legacy versus web-enabled applications IPSec is well suited to ne twork-based legacy applica tions that are no t web- based. As a layer 3 technolo gy , IP Sec creates a secure tunnel between two host devices. IP [...]

Configuring a FortiGate SSL VP N SSL VPN modes of operation FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 15 SSL VPNs provide secure access to ce rtain application s. Web-only mod e provides remote users with acce ss to serv er applicatio ns from any thin client computer equipped with a web b rowser . T unnel-mod e provides remo te us[...]

FortiOS v3.0 MR7 SSL VPN User Guide 16 01-30007-0348-200807 18 SSL VPN modes of operation Configuring a FortiGate SSL VPN In web-only mode, the For tiGate unit act s as a secure HTTP/HT TPS gateway and authenticates remote users as members of a user group. After successful authentication, the FortiGate un it redirects the web browser to the web po [...]

Configuring a Fo rtiGate SSL VPN T opology FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 17 When the user initiates a VPN conne ction with the Fo rtiGate unit thr ough the SSL VPN client, the FortiGate unit establishe s a tunnel with the client and assigns the client a virtual IP addres s from a range of reserved addresse s. The clien[...]

FortiOS v3.0 MR7 SSL VPN User Guide 18 01-30007-0348-200807 18 T opology Configuring a Fo rtiGate SSL VPN Figure 1: Example SSL VPN configuration T o provide remote clients with access to all of the servers on Subnet_1 from the Internet, you would configu re FortiGate_1 as follows: • Create an SSL VPN user group and inclu de the remote users in t[...]

Configuring a Fo rtiGate SSL VPN Configuration overview FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 19 Configuration overview Before you be gin, install your choic e of HTTP/HT TPS, telnet, SSH, FTP , SMB/CIFS, VNC, and/or RDP server applications on the internal network. As an alternative, these servic es may be accessed r emotely t[...]

FortiOS v3.0 MR7 SSL VPN User Guide 20 01-30007-0348-200807 18 Configuring the SSL VPN client Configuring a FortiGate SSL VPN SSL VPN Virt ua l Desktop ap plication. The virtual desktop application creates a virtual desktop on a user's PC and monitors the dat a read/write activity of the web browser running inside the virtual desktop. When the[...]

Configuring a FortiGat e SSL VPN Configuring the SSL VPN client FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 21 The FortiGate index p age opens. 4 Select v3.0 and then MR7. This takes you to the page with firmware images for MR7. 5 Select SSL VPN Clients.[...]

FortiOS v3.0 MR7 SSL VPN User Guide 22 01-30007-0348-200807 18 Configuring the SSL VPN client Configuring a FortiGate SSL VPN 6 T o download the SSL VPN V i rtual Desktop, select SSLVPNVirtualDesktopSetup_3.0.384.exe and follow the InstallSh ield Wizard instructions. Figure 2: FortiClient SSL VPN Inst allShield Wizard welcome screen 7 T o run th e [...]

Configuring a FortiGat e SSL VPN Configuring the SSL VPN client FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 23 The FortiGate unit will redirect your web browser to the FortiGate SSL VPN Remote Access Web Po rtal home p age automatically . The fields in the T oo ls a rea e nable yo u to sp ecify the URL or IP ad dress of a host compu[...]

FortiOS v3.0 MR7 SSL VPN User Guide 24 01-30007-0348-200807 18 Configuring the SSL VPN client Configuring a FortiGate SSL VPN T o download the SSL VPN st andalone tunnel client (W indows) 1 Go to the Fortinet T echnologies home p a ge at http://support.fortinet.c om/ and select Support. 2 Under Support, enter yo ur user name and passwo rd. This tak[...]

Configuring a FortiGat e SSL VPN Configuring the SSL VPN client FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 25 This takes you to the page with firmware images for MR7. 5 Select SSL VPN Clients. 6 T o download the SSL VPN Windo ws client application, select FortiClientSSLVPNSetup_3.0.384.exe or FortiClientSSLVPN_3.0_384.msi and follo[...]

FortiOS v3.0 MR7 SSL VPN User Guide 26 01-30007-0348-200807 18 Configuring the SSL VPN client Configuring a FortiGate SSL VPN T o use the SSL VPN s tan dalone tunnel client (W indows) 1 Go to Star t > All Programs > Fortinet > FortiClient SSL VPN > FortiClient SSL VPN . 2 Select Connect. 3 T o manually terminate the connection, select E[...]

Configuring a FortiGat e SSL VPN Configuring the SSL VPN client FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 27 T o download the SSL VPN st andalone tunnel clie nt (Linux) 1 Go to the Fortinet T echnolo gie s home page at http://support.fortinet.com/ and select Support. 2 Under Support, enter your user name and pa ssword. This ta kes[...]

FortiOS v3.0 MR7 SSL VPN User Guide 28 01-30007-0348-200807 18 Configuring the SSL VPN client Configuring a FortiGate SSL VPN This takes you to the p age with firmware images for MR7. 5 Select SSL VPN Clients. 6 T o download the SSL VPN standalone tun nel client (Linux), select forticlientsslvpn_linu x_3.0.384.tar .gz, extrac t the package file to [...]

Configuring a FortiGat e SSL VPN Configuring the SSL VPN client FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 29 The FortiClient SSL VPN tunne l client (Linux) opens. After this initial setup is complete, a user with a normal (non-administrator) account can establish a SSL VPN tunn el se ssio n.[...]

FortiOS v3.0 MR7 SSL VPN User Guide 30 01-30007-0348-200807 18 Configuring the SSL VPN client Configuring a FortiGate SSL VPN T o use the SSL VPN s tan dalone tunnel client (Lin ux) 1 Go to the folder that you downloaded the Linux tunnel client application into, and double-click on ‘ forticlientsslvpn ’. The FortiClient SSL VPN tun nel client ([...]

Configuring a FortiGat e SSL VPN Configuring the SSL VPN client FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 31 T o uninst all the SSL VPN standalone tun nel client (Linux) Remove/delete the folde r containing a ll the SSL VPN client application files. T o download the SSL VPN st andalone tunnel clie nt (MacOS) 1 Go to the Fortinet T[...]

FortiOS v3.0 MR7 SSL VPN User Guide 32 01-30007-0348-200807 18 Configuring the SSL VPN client Configuring a FortiGate SSL VPN 4 Select v3.0 and then MR7. This takes you to the p age with firmware images for MR7. 5 Select SSL VPN Clients. 6 T o download the SSL VPN MacOS client appl ication, double-click on the client file forticlientsslvpn_macosx_3[...]

Configuring a FortiGat e SSL VPN Configuring the SSL VPN client FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 33 T o use the SSL VPN st andalone tunnel client (MacOS) 1 Go to the Applications folder and doub le-click on forticlientsslvpn . The FortiClient SSL VPN tunne l client (MacOS) opens. T o uninst all the SSL VPN standalon e tun[...]

FortiOS v3.0 MR7 SSL VPN User Guide 34 01-30007-0348-200807 18 Configuring SSL VPN settings Configuring a Forti Gate SSL VPN Configuring SSL VPN settings Y ou can configure and manage the FortiGate unit through a secure HTTP (HTTPS) connection from any computer run ning a web browser . For information about how to connect to the we b-based manager [...]

Configuring a FortiGate SSL VP N Configuring SSL VPN settings FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 35 Figure 5: Edit SSL VPN settings Enable SSL VPN Select to enable SSL VPN connections. T unnel IP Range S pecify the range of IP addresses reserved for tunnel - mode SSL VPN clients. T ype the starting and ending address that d[...]

FortiOS v3.0 MR7 SSL VPN User Guide 36 01-30007-0348-200807 18 Configuring SSL VPN settings Configuring a Forti Gate SSL VPN When you finish making your selections, select Apply . Specifying a port number fo r web portal connections Y ou can optionally specify a different TCP port number for users to access the web port al login page through the HT[...]

Configuring a FortiGate SSL VP N Configuring SSL VPN settings FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 37 T o reserve a range of IP addresses for tun nel-mo de clients 1 Go to VPN > SSL > Config . 2 In the T unnel IP Range fields, type the starting and ending IP addresses (for example, 10.254.254.80 to 10.254.254.100 ). 3 S[...]

FortiOS v3.0 MR7 SSL VPN User Guide 38 01-30007-0348-200807 18 Configuring SSL VPN settings Configuring a Forti Gate SSL VPN Setting the client auth entication timeout setting The client authentication timeout setting controls how long an authen ticated connection will remain connec ted. When this time expire s, the system forces the remote client [...]

Configuring a FortiGate SSL VPN Configuri n g use r acc ounts and SSL VPN user gr oups FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 39 2 Select the Edit icon in the row that corresponds to the SSL VPN user group. 3 Expand SSL-VPN Us er Gro up Options. 4 In the Redirect URL field, type the URL of the web page th at you want to display[...]

FortiOS v3.0 MR7 SSL VPN User Guide 40 01-30007-0348-200807 18 Configuring user accounts and SSL VPN user groups Configuring a FortiGate SSL VPN Y ou can choose to use a plain text password for authentication through the FortiGate unit (Local domain), forwa rd authentication request s to an external RADIUS or LDAP serv er , or utiliz e PKI ce rtifi[...]

Configuring a FortiGate SSL VPN Configuri n g use r acc ounts and SSL VPN user gr oups FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 41 T o create a user group 1 Go to User > User Group an d se lec t Crea te New . 2 In the Name field, type a name for the group (for example , Web-only_group ). 3 From the T ype drop-down list, select[...]

FortiOS v3.0 MR7 SSL VPN User Guide 42 01-30007-0348-200807 18 Configuring user accounts and SSL VPN user groups Configuring a FortiGate SSL VPN 7 T o activate the split tunnel feature, select Enable S plit Tunneling. S plit tunneling ensures that only the traf fic for the pr ivate network is sent to the SSL VPN gateway . Internet traf fic is sent [...]

Configuring a Fo rtiGate SSL VPN Configuring firewall policies FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 43 Require V irtual Desktop Connection pr events a user from e stablishing a SSL VPN session without using the SSL VPN V irtua l Desktop applicat ion . For more information, see the SSL VPN User Guide. 11 T o enable the F ortiG[...]

FortiOS v3.0 MR7 SSL VPN User Guide 44 01-30007-0348-200807 18 Configuring firewall policie s Configuring a FortiGate SSL VPN • specifying the level of SSL encryptio n to use and the auth entication method • binding the user group to th e firewall policy The following topics are included in this section: • Configuring firewall addresses • C[...]

Configuring a Fo rtiGate SSL VPN Configuring firewall policies FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 45 5 Select OK. T o define the firewall policy for web- only mode connections 1 Go to Firewall > Policy and select Create New . 2 Enter these settings in pa rticular: 3 Select OK. 4 If the user group requires access to anoth[...]

FortiOS v3.0 MR7 SSL VPN User Guide 46 01-30007-0348-200807 18 Configuring firewall policie s Configuring a FortiGate SSL VPN Configuring tunnel-mode firewall policies Follow the procedures in this section to complete a tunnel- mode configuration. These procedures a ssume that you have already completed the pr ocedures found in “Configuring use r[...]

Configuring a Fo rtiGate SSL VPN Configuring firewall policies FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 47 3 From the T ype list, se lect Subnet/IP Range. 4 In the Subnet/IP Range field, type the co rrespo nding IP address and subnet mask (for example, 172.16.10.0/24 ). If the remote client’ s IP address is unknown, the Subnet [...]

FortiOS v3.0 MR7 SSL VPN User Guide 48 01-30007-0348-200807 18 Configuring SSL VPN event-logging Configuring a FortiGate SSL VPN 3 Select OK. 4 If the user group requires access to another server or network, create the IP destination address (see “T o specify the destination IP address” on page 46 ) and repeat this procedure to create the requi[...]

Configuring a FortiGate SSL VPN Monitoring active SSL VPN sessions FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 49 4 If logs will be written to system memory , fr om the Log Level list, select Information. For more informatio n, see the “Log & Report” chapter of the FortiGa te Administration Gu ide . 5 Select Apply . T o filt[...]

FortiOS v3.0 MR7 SSL VPN User Guide 50 01-30007-0348-200807 18 Configuring SSL VPN bookmarks and bookma rk groups Configuring a FortiGate SSL VPN Figure 7: Monitor list: T unnel-mode conn ection If required, you can e nd a session/conne ctio n by selecting the Delete bu tton in the row that correspond s to the connection. Configuring SSL VPN bookma[...]

Configuring a FortiGate SSL VPN Configuring SSL VPN bookmarks and bookmark groups FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 51 • Viewin g the SSL VPN Bookmark Groups list • Configuring SSL VPN bookmark gro ups Configuring SSL VPN bookmarks Go to VPN > SSL > Bookmark and select Create New to creat e hy pe rlin ks to frequ[...]

FortiOS v3.0 MR7 SSL VPN User Guide 52 01-30007-0348-200807 18 Configuring SSL VPN bookmarks and bookma rk groups Configuring a FortiGate SSL VPN • Viewing the SSL VPN Bookmark Groups list • Configuring SSL VPN bookm ark groups Viewing the SSL VPN Bookmark Groups list Y ou can create a group of specific bo okmarks that can be included in the co[...]

Configuring a FortiGate SSL VPN Configuring SSL VPN bookmarks and bookmark groups FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 53 See also • Configuring SSL VPN settings • Monitoring active SSL VPN sessions • Configuring SSL VPN bookmarks and bo okmark groups • Viewin g the SSL VPN bookmark list • Configuring SSL VPN bookma[...]

FortiOS v3.0 MR7 SSL VPN User Guide 54 01-30007-0348-200807 18 SSL VPN host OS patch check Configuring a FortiGate SSL VPN SSL VPN host OS p atch check SSL VPN Client OS Pa tch Check feat ure allows a client with a specific OS patch to access SSL VPN services. The host c heck only works on Windows plat fo rms. This means that MacOS/Linux users can [...]

Configuring a FortiGate SSL VPN Granting unique access pe rmissions for SSL VPN tunnel user gro ups FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 55 set tolerance 1 end config sslvpn-os-check-list "windows-xp" set action allow end set member "u1" set sslvpn-split-tunneling enable set sslvpn-http enable next end con[...]

FortiOS v3.0 MR7 SSL VPN User Guide 56 01-30007-0348-200807 18 Granting unique access pe rmissions for SSL VPN tunnel user groups Configuring a Forti Gate SSL VPN Sample configuration for unique access pe rmissions with tunnel mode user groups In this sample configuration , there are two user groups , each one with a dedicated IP address range. Fir[...]

Configuring a FortiGate SSL VPN Granting unique access pe rmissions for SSL VPN tunnel user gro ups FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 57 Go to User > User Group . Create group1 as an SSL VPN user group with user1 as the member and 10.1.1.1 - 10.1.1.5 0 as the v alues in ‘Restrict tunnel IP range for this group’. Fig[...]

FortiOS v3.0 MR7 SSL VPN User Guide 58 01-30007-0348-200807 18 Granting unique access pe rmissions for SSL VPN tunnel user groups Configuring a Forti Gate SSL VPN Figure 17: Source/destin atio n firewall addresses - Public IP Figure 18: Source/d estination firewall addresses - L inux/Windows PC After crea ting the source and destination addresses, [...]

Configuring a FortiGate SSL VPN Granting unique access pe rmissions for SSL VPN tunnel user gro ups FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 59 Figure 19: u ser1 firewa ll policy The user2 policy is also an SSL-VPN firewall policy that includes the app licable source and destination addr esses, and has group2 as the user gro up a[...]

FortiOS v3.0 MR7 SSL VPN User Guide 60 01-30007-0348-200807 18 SSL VPN virtual interface (ssl.r oot) Configuring a FortiGate SSL VPN Figure 21: Firewall po licy list T o avoid overlap with other firewall polic ies, add a DENY policy below the SSL VPN policies (the source is the SSL VPN tunnel IP range). See Configuring firewall policies for more in[...]

Configuring a FortiGate SSL VPN SSL VPN virtual interface (ssl.root) FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 61 Go to Firewall > Policy and select Create New to create a firewall policy . For a standar d configuration, set up the firewall policies listed below . T o allow ssl us ers to brow se the In ternet thro ugh the For t[...]

FortiOS v3.0 MR7 SSL VPN User Guide 62 01-30007-0348-200807 18 SSL VPN dropping connections Configuring a FortiGate SSL VPN SSL VPN dropping connections When a FortiGate unit ha s mu ltiple internet connections , the SSL VPN client can connect to the SSL VPN web portal, but when attempting to click Connect to st art tunnel mode SSL VPN, the tunnel [...]

Configuring a FortiGate SSL VPN SSL VPN dropping connections FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 63[...]

FortiOS v3.0 MR7 SSL VPN User Guide 64 01-30007-0348-200807 18 SSL VPN dropping connections Configuring a FortiGate SSL VPN[...]

Working with the we b portal Connecting to the FortiGate unit FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-2008071 8 65 W orking with the web port al This section introduces the web port al features and explains how to configur e them. The following topics are in cluded in this section: • Connecting to the FortiGate unit • Web portal home [...]

FortiOS v3.0 MR7 SSL VPN User Guide 66 01-30007-0348-200807 18 Web portal home p age features Working with the web portal 4 When you are pr om p te d fo r you r us er name and password: • In the N ame field, type your user name . • In the Password field, type your p assword. 5 Select Login. The FortiGate unit will redirect your we b browser to [...]

Working with the we b portal Web portal home p age features FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 67 Figure 22: FortiGate SSL VPN Re mote Access Web Portal p age If your user account permit s web-only mode access, and your administr ator has set up pre-defined b ookmarks for you, they will appea r in a list under Pre-defined B[...]

FortiOS v3.0 MR7 SSL VPN User Guide 68 01-30007-0348-200807 18 Launching web portal applicati ons Working with the web portal In the T ools area, you can connect to a web ser ver or start a telnet session. Y ou can also check connectivity to a host or server on the ne twork behind the FortiGate unit. For more information , see “ S tarting a sessi[...]

Working with the we b portal Launching web portal applica tions FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 69 The encryption key is only valid for th e current user session. Once the user logs out, the key is no longer valid. In the case of FTP and SMB, the path/filena me is translated into its hex value for internal encoding purpo[...]

FortiOS v3.0 MR7 SSL VPN User Guide 70 01-30007-0348-200807 18 Launching web portal applicati ons Working with the web portal T o add an HTTP or HTTPS connection and acce ss t he web server 1 Select Add Bookmark. 2 In the T itle field , typ e a na m e to re pr es en t th e c onn ec t ion. 3 From the Application T ype list, select Web. 4 In the UR L[...]

Working with the we b portal Launching web portal applica tions FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 71 The FortiGate unit replaces th e URL with https:// <FG_IP_address>:<port_no> /proxy/http/ <specified_URL> and the requested pag e is displayed. 7 T o end the session, close the browser window . T o add a t[...]

FortiOS v3.0 MR7 SSL VPN User Guide 72 01-30007-0348-200807 18 Launching web portal applicati ons Working with the web portal 9 T o end the session, select Disconnect (or type exit ) and then close the TEL NET connection windo w . T o add an FTP connection and st art an FTP sessio n 1 Select Add Bookmark. 2 In the T itle field , typ e a na m e to r[...]

Working with the we b portal Launching web portal applica tions FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 73 After you log in, the files and subdirecto ries in the root directory are displayed. Y ou can switch to a subdirectory from the root directory . For example, the following image shows the content s of a subdirectory named s[...]

FortiOS v3.0 MR7 SSL VPN User Guide 74 01-30007-0348-200807 18 Launching web portal applicati ons Working with the web portal 5 Select OK. 6 T o start a SMB/CIFS session, select the hyperlink that you created. 7 When you are prompted to log in to the re mote host, type your user name and password. Y ou must have a user account on the remote host to[...]

Working with the we b portal Launching web portal applica tions FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 75 T o add a VNC connect ion and st art a VNC session 1 Select Add Bookmark. 2 In the T itle field, type a na me to represent the connection. 3 From the Application T ype list, select VNC . 4 In the Host Name/IP field, type th[...]

FortiOS v3.0 MR7 SSL VPN User Guide 76 01-30007-0348-200807 18 Launching web portal applicati ons Working with the web portal T o add a RDP connection and st art a RDP session 1 Select Add Bookmark. 2 In the T itle field , typ e a na m e to re pr es en t th e c onn ec t ion. 3 From the Application T ype list, select RDP . 4 In the Shared File Folde[...]

Working with the we b portal Launching web portal applica tions FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 77 6 T o start a RDP session, select the hyperlink that you create d. 7 When you see a screen configuration dia log, click OK. 8 When you are prompte d to log in to the remote host, type your user name and password. Y ou must [...]

FortiOS v3.0 MR7 SSL VPN User Guide 78 01-30007-0348-200807 18 Launching web portal applicati ons Working with the web portal T o add a SSH connection and st art a SSH sessio n 1 Select Add Bookmark. 2 In the T itle field , typ e a na m e to re pr es en t th e c onn ec t ion. 3 From the Application T ype list, select SSH. 4 In the Host Name/IP fiel[...]

Working with the we b portal Launching web portal applica tions FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 79 8 A SSH session start s and you are prompted to log in to the rem ote host. Y ou must have a user account to log in. Af ter you log in, you may enter any series of valid commands at the system prompt. 9 T o end the session,[...]

FortiOS v3.0 MR7 SSL VPN User Guide 80 01-30007-0348-200807 18 S tarting a session from the T ools area Working with the web portal St arting a session from the T ools area Y ou can connect to any web server or teln et server without adding a bookma rk to the My Bookmarks list. The fields in the T ools area enable you to specify the URL or IP addre[...]

Working with the we b portal T unne l-mo de features FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 81 Figure 25: Fortine t SSL VPN Clien t 1.0 page (tunnel mod e) Working with the ActiveX/Java Platform plug-in The ActiveX/Java Plat form plug-ins provide the sof tware that your clie nt computer needs to est ablish an SSL VPN tunnel wit[...]

FortiOS v3.0 MR7 SSL VPN User Guide 82 01-30007-0348-200807 18 T unnel -mo de features Working with the web portal T o download and inst all the ActiveX/Java Plat form plugin 1 At the top of the web portal home p age, select the Activate SSL-VPN T unnel Mode link. 2 The FortiGate unit may prompt you to install a Fortinet SSL VPN Client plugin. Foll[...]

Working with the we b portal Logging out FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 83 2 Select Connect. Figure 26: T unne l es t ablis he d After the “Fortinet SSL VPN client connected to server” message is displayed and the Disconnect button is enabled (see Figu re 26), you have direct access to the network behind the FortiGa[...]

FortiOS v3.0 MR7 SSL VPN User Guide 84 01-30007-0348-200807 18 Logging out Working with the web portal[...]

Index FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-2008071 8 85 Index A ActiveX plugin downloading 8 1 uninstalling 83 applications, web-portal 68 authentication timeout setting 40 B bookmarks user-defined 69 C certificates allow group certificate 47 self signed 65 X.509 20 cifs session, establishing 73 cipher suite, SSL negotiations 39 client[...]

FortiOS v3.0 MR7 SSL VPN User Guide 86 01-30007-0348-200807 18 Index K keyboard setting, rdp 76 L logging filtering SSL VPN events 51 setting event-logging parameters 50 viewing SSL VPN event logs 51 logging in to FortiGate secure HTTP g ateway 65 loggin g out from web portal page 83 M modes of operation 7, 15 tunnel mode 17 web-only mode 15 My Boo[...]

Index FortiOS v3.0 MR7 SSL VPN User Guide 01-30007-0348-20080 718 87 V Virtual Desktop 21 downloading 2 1 running 21 using 21 vnc session, establishing 75 VPN tunnel, initiating 82 W web portal 69 adding caption to home page 4 0 applications 68 customizing login page 41 Fortinet SSL VPN Client area 80, 82 home page features 66 redirecting to popup [...]

FortiOS v3.0 MR7 SSL VPN User Guide 88 01-30007-0348-200807 18 Index[...]

www.fortinet.com[...]

www.fortinet.com[...]