

Adding the local subnets basically allows VPN clients to have access to those networks. This is also a big change from 5.0, where a default WAN-LAN policy was required and the service had to be SSL. With 5.2, that is really done in the VPN Settings page.

Allow VPN traffic to the LAN and make sure you are using the network address objects that are specified in the split tunnel policy under the portal. Next, create firewall policies to allow traffic to and from the VPN. If you have multiple portals, add the most specific first, then make the standard catch-all this profile. If you only have one profile then modify this. You can totally customize this so that domain admins get one portal and restricted users get another.

After you configure what is needed, there is a red line that comes up and says, "default users not configured". Also notice that at the bottom there are the users who can log into this device, and what portal they will see. We configure the port, VPN client addresses and who can access the VPN from here. Notice that it is much different than 5.0. Then we will start to configure settings for our VPN. In the portal you can configure split tunnel, IP Pools, bookmarks, etc. The portal also has options to save the password and to allow more than one instance of that user to log in.

Of course, these would be set to whatever is appropriate for your environment.

First, create the address object for the SSL VPN clients: In our example, to enable and create needed policies for the SSL VPN to function, you need to create a scope 10.99.255.0/24 for the VPN subnet, and make sure your two local networks are being sent to the client's routing table via split tunneling. Local subnets should be set to 10.32.250.0/24 and 10.32.251.0/24. Here are some of the ways it has changed: While exploring FortiOS 5.2, I noticed that one of the things that has been changed heavily is how to set up the SSL VPN. FortiGate has changed a lot in FortiOS 5.2* and at Mirazon we like to experiment with new software and upgrades before we apply them to customer environments.
