This is an example of setting up a web-mode SSL VPN on a FortiGate. In my lab the client sits on my private network and the server is connected to a separate interface on the FortiGate, but the same configuration scales to an enterprise situation where the clients are remote to the FortiGate.
On your FortiGate, ensure "VPN" is enabled under System → Feature Visibility.
Under VPN → SSL-VPN Portal, I used the default web-access portal. I did add the optional bookmark for SSH access to my server.
Under User & Authentication → User Groups I created a User Group called “test” and added a local user to it.
Under VPN → SSL-VPN Settings, I added the FortiGate interface to listen on for client connections. I had previously downloaded the FortiGate's default SSL certificate and installed it in Firefox; that default certificate is self-signed, so outside a lab replace it with a certificate issued by a CA your clients already trust. I also set Listen on Port to 10443 so that it didn't conflict with the HTTPS management port (443) on the FortiGate.
Still in SSL-VPN Settings, I added my group "test" to Authentication/Portal Mapping.
When you apply the changes, the FortiGate automatically creates a new tunnel interface (ssl.root, or ssl.<vdom> if you use VDOMs) that must be used as the source interface in your firewall policies.
The policy permits traffic from the SSL-VPN tunnel interface to the server connected to my dmz interface; scope it to the "test" group and to the service the bookmark actually needs (SSH here) rather than ALL. Interestingly, prior to adding this policy, when I was troubleshooting why the connection wasn't working, there were no deny entries in my FortiGate log. That is because the Implicit Deny policy does not log by default; turn on Log Violation Traffic on it if you want those drops to show up.
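The following is the CLI equivalent of the GUI steps above, added here as a worked example; it is not the author's own configuration. It assumes port1 is the listening interface, dmz is the server interface, the server is 10.10.10.10, the local user is "testuser", and FortiOS 7.x command syntax; check the names and syntax against your own unit before pasting.

```fortios
# Added example: CLI equivalent of the GUI steps above (FortiOS 7.x syntax assumed).
# Assumed names: port1 = listening interface, dmz = server interface,
# 10.10.10.10 = server, testuser = local user. Adjust to your environment.

# 1. Local user and the "test" group
config user local
    edit "testuser"
        set type password
        set passwd "ChangeMe-UseAStrongPassword"
    next
end
config user group
    edit "test"
        set member "testuser"
    next
end

# 2. Address object for the DMZ server (host only, not the whole subnet)
config firewall address
    edit "dmz-server"
        set subnet 10.10.10.10 255.255.255.255
    next
end

# 3. Web-access portal with an SSH bookmark; tunnel mode stays off
config vpn ssl web portal
    edit "web-access"
        set web-mode enable
        set tunnel-mode disable
        config bookmark-group
            edit "gui-bookmarks"
                config bookmarks
                    edit "dmz-server-ssh"
                        set apptype ssh
                        set host "10.10.10.10"
                        set port 22
                    next
                end
            next
        end
    next
end

# 4. SSL-VPN settings: listen on port1:10443 and map group "test" to the portal
config vpn ssl settings
    set servercert "Fortinet_Factory"
    set port 10443
    set source-interface "port1"
    set source-address "all"
    set default-portal "web-access"
    config authentication-rule
        edit 1
            set groups "test"
            set portal "web-access"
        next
    end
end

# 5. Policy from the auto-created ssl.root interface to the DMZ server,
#    restricted to the group and to SSH, with logging enabled
config firewall policy
    edit 10
        set name "sslvpn-test-to-dmz-ssh"
        set srcintf "ssl.root"
        set dstintf "dmz"
        set srcaddr "all"
        set dstaddr "dmz-server"
        set groups "test"
        set action accept
        set schedule "always"
        set service "SSH"
        set logtraffic all
    next
end
```

The "Fortinet_Factory" server certificate is the self-signed default the post installs into Firefox; it is fine for a lab, but for production set servercert to a CA-issued certificate. Policy ID 10 is arbitrary; pick any unused ID. The "#" lines are explanatory comments for the reader and are not needed on the FortiGate.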
Click the link shown in SSL-VPN Settings (https://<listening-interface-IP>:10443) to reach the SSL-VPN login page.
Enter the credentials for the "test" user and you land on the SSL-VPN portal page. From there you can use the bookmark we created, or click Quick Connection to connect to the server.
For troubleshooting, go to Log & Report → Events and select VPN Events for logging information on your connection; failed logins and portal sessions show up there.
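When the event log is not enough, the FortiGate CLI can show the authentication and portal steps as they happen. This is an added example of the commands I would reach for, not part of the original post; the port and interface names match the assumptions above (10443 on port1) and the commands are the FortiOS 7.x ones, so confirm them on your firmware.

```fortios
# Added example: CLI troubleshooting for a failing SSL-VPN web-mode login
# (assumes the listener is on port1:10443 as in the configuration above).

# Confirm the listener, portal and group mapping took effect
show vpn ssl settings
show vpn ssl web portal web-access

# Watch the SSL-VPN daemon while you reproduce the login from the browser
diagnose debug reset
diagnose debug application sslvpn -1
diagnose debug enable
# ... attempt the login, then stop the trace ...
diagnose debug disable
diagnose debug reset

# Check that the client's TCP connection actually reaches the listener
diagnose sniffer packet port1 'tcp port 10443' 4 10

# List current web-mode sessions once a login succeeds
execute vpn sslvpn list
get vpn ssl monitor
```

If the sniffer shows nothing arriving on port 10443, the problem is upstream of the FortiGate (routing, an intermediate firewall, or the client using the wrong port); if packets arrive but the sslvpn debug shows no authentication attempt, re-check the listening interface and the Authentication/Portal Mapping entry for the group.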
Thanks for reading! This didn’t quite provide step-by-step instructions, so feel free to hit me up on Discord (@dorian5) if you have any questions or comments.