7 April 2014
SSL VPN
Module Overview
VPN definition
SSL VPN vs. IPSec VPN
Web-only mode
Tunnel mode
Port Forward mode
Split-Tunneling
Client Integrity Checking
SSL VPN portal
SSL VPN configuration
Access modes comparison
SSL VPN monitor
Module Objectives
By the end of this module participants will be able to:
Configure the different SSL VPN operating modes
Set up SSL VPN portals
Configure firewall policies and authentication rules for SSL VPN
Monitor SSL VPN connections
FortiGate VPN
SSL VPN
Typically used to secure web transactions
HTTPS link created to securely transmit application data
Client signs on through secure web page (SSL VPN portal) on the FortiGate device
IPSec VPN
VPN
Internet
Internal network
Tunnel mode
Split Tunneling enabled
Split Tunneling disabled
Configuration Steps
1.
2.
3.
4.
5.
+ Token Code (two factor)
Web-only user
Web-only
Tunnel
Port Forward
No client software required (web browser only)
Uses FortiGate-specific client downloaded to PC (ActiveX or Java applet)
Requires admin/root privilege to install network tunnel adaptor
Labs
Lab 1: SSL VPN
Ex 1: Configuring SSL VPN for Web-only access
Ex 2: Configuring SSL VPN for Tunnel mode