FortiGate SSL VPN How To William Lee CISA May 9, 2010
The article aims to show an easier way to set up SSL VPN with a FortiGate UTM appliance. The equipment
used was a FortiGate 100A with FortiOS 4.0 MR2.
Prerequisites for the setup:
1. A working FortiGate box with FortiOS 4.0 MR2
2. Administrative credentials for the box
3. A working internet connection with no restriction to inbound traffic on TCP port 443
4. Ability to generate a private key and a certificate signing request (CSR), and to obtain a certificate from
a trusted CA
The author started with a box that had been factory reset. This can be done by running execute
factoryreset from the CLI.
SSLVPNDEMO # execute factoryreset
This operation will reset the system to factory default!
Do you want to continue? (y/n) Y
Please be reminded that if you do this, all of the configuration on the box will be erased. Afterwards, set
the IP address of your administrative PC to 192.168.1.100/24 and point your favorite browser to
https://192.168.1.99.
Figure 1 – Pointing the browser to a FortiGate box
Because the certificate is not trusted and the common name of the certificate does not match the URL,
your favorite browser presents a warning. Use “Add Exception…” in Firefox or “Continue to this website