Work from Home using SSL VPN via FORTINET with Active Directory Single Sign-On, guided step by step
Added: Mar 21, 2020
Slides: 12 pages
Working from Home using Fortinet SSL VPN with Single Sign-On
NASEEM KHOODORUTH
FORTINET
Contents
FORTINET (page 1)
Enable FSSO for Single Sign-On (page 2)
Active Directory - create group for VPN Users (page 6)
How to set up SSL VPN on the firewall (page 7)
How to configure the client for a user to connect via SSL VPN (page 10)
Enable FSSO for Single Sign-On
Download and install the FSSO agent (I use FSSO_Setup_5.0.0276_x64, downloaded from the customer portal)
Configuration guide: https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/573568/installing-the-fsso-agent
Installation mode: DC Agent
Install the DC Agent and then configure the Fortinet Single Sign-On agent.
Check the Fortinet Single Sign-On agent status (the same agent must also be configured in the FortiGate Security Fabric).
Log in to the FortiGate admin portal.
To configure the LDAP service, go to User & Device > LDAP Servers and select Create New.
Set the name, the DC IP address and the Distinguished Name (example: DC=Contoso,DC=local).
Test Connectivity should report successful.
Now add the connector.
Create a Fabric Connector to the FSSO agent by going to Security Fabric > Fabric Connectors and selecting + Create New.
Once done, the up arrow should show a green status.
Now single sign-on is enabled and configured.
Active Directory - create group for VPN Users
Create an SSL VPN Users group and add only the members that will be allowed to use the VPN.
Import the group into FortiGate.
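The same identity setup expressed on the FortiGate CLI, as an added example that is not part of the original slides: the LDAP server, the FSSO fabric connector and the AD group imported as a firewall user group. The domain controller address 10.0.0.10, the domain Contoso.local, the service account svc-fortigate, the CA name and the group name "SSL VPN Users" are assumed values; replace them with your own. LDAPS on port 636 is used so the bind password and group lookups do not cross the LAN in clear text.

```fortios
# Added example (not from the original slides): CLI equivalent of the GUI steps.
# Assumed values: DC 10.0.0.10, domain Contoso.local, bind account svc-fortigate,
# CA certificate "Contoso-Root-CA" (imported beforehand), AD group "SSL VPN Users".

# 1. LDAP server (GUI: User & Device > LDAP Servers > Create New).
config user ldap
    edit "AD-LDAP"
        set server "10.0.0.10"
        set secure ldaps
        set port 636
        set ca-cert "Contoso-Root-CA"
        set cnid "sAMAccountName"
        set dn "DC=Contoso,DC=local"
        set type regular
        set username "CN=svc-fortigate,CN=Users,DC=Contoso,DC=local"
        set password "REPLACE_WITH_BIND_PASSWORD"
    next
end

# 2. FSSO connector to the DC Agent collector (GUI: Security Fabric > Fabric Connectors).
#    The password must match the one configured in the FSSO collector agent.
config user fsso
    edit "FSSO-Agent"
        set server "10.0.0.10"
        set password "REPLACE_WITH_FSSO_PASSWORD"
        set ldap-server "AD-LDAP"
    next
end

# 3. Group imported from AD. For SSL VPN logins the group is a firewall-type group
#    whose membership is checked against the LDAP server at authentication time,
#    so only members of "SSL VPN Users" can bring up a tunnel.
config user group
    edit "SSL-VPN-Users"
        set group-type firewall
        set member "AD-LDAP"
        config match
            edit 1
                set server-name "AD-LDAP"
                set group-name "CN=SSL VPN Users,CN=Users,DC=Contoso,DC=local"
            next
        end
    next
end

# 4. Checks: the bind must succeed and the collector must report logged-on users.
diagnose test authserver ldap AD-LDAP svc-fortigate REPLACE_WITH_BIND_PASSWORD
diagnose debug authd fsso list
```

The `diagnose test authserver ldap` line is the CLI counterpart of the GUI "Test Connectivity" button; if it fails, fix the DN, bind account or CA certificate before continuing, because the VPN group match below depends on it.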
How to set up SSL VPN on the firewall
Configure the SSL-VPN Settings.
https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/690301/configuring-the-ssl-vpn-tunnel
The listen port 10443 must be reachable from the Internet, so open it on the ISP router (port forwarding or DMZ).
Note: for DNS, specify the local domain controller IP address as the first server so internal names resolve; the second can be Google DNS.
Specify the IP range for clients, and add the VPN group from AD that will be allowed to use the VPN.
Configure the IPv4 policies:
VPN to LAN for local access
VPN to WAN for Internet access via the VPN
VPN to LAN
VPN to WAN
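The SSL-VPN settings and the two IPv4 policies above on the FortiGate CLI, as an added example that is not part of the original slides. The interface names wan1 and internal, the LAN subnet 192.168.1.0/24, the client pool 10.212.134.200-210, the DC/DNS address 10.0.0.10 and the user group SSL-VPN-Users are assumed values. Both policies are scoped to the tunnel pool and to the AD group rather than to "all", and log all traffic, so a VPN session can only reach what the policy allows and every flow is attributable to a user.

```fortios
# Added example (not from the original slides): CLI equivalent of the SSL-VPN
# settings and the VPN-to-LAN / VPN-to-WAN policies. Assumed values: wan1,
# internal, LAN 192.168.1.0/24, pool 10.212.134.200-210, DNS 10.0.0.10,
# user group "SSL-VPN-Users" (created from the imported AD group).

# Address objects referenced by the settings and the policies.
config firewall address
    edit "SSLVPN_TUNNEL_POOL"
        set type iprange
        set start-ip 10.212.134.200
        set end-ip 10.212.134.210
    next
    edit "LAN_SUBNET"
        set subnet 192.168.1.0 255.255.255.0
    next
end

# SSL-VPN settings (GUI: VPN > SSL-VPN Settings): listen on 10443 on wan1,
# first DNS is the domain controller, second is a public resolver.
config vpn ssl settings
    set servercert "Fortinet_Factory"
    set tunnel-ip-pools "SSLVPN_TUNNEL_POOL"
    set dns-server1 10.0.0.10
    set dns-server2 8.8.8.8
    set source-interface "wan1"
    set source-address "all"
    set port 10443
    set default-portal "web-access"
    config authentication-rule
        edit 1
            set groups "SSL-VPN-Users"
            set portal "full-access"
        next
    end
end

config firewall policy
    # Policy 1: VPN to LAN for local access. No NAT, so LAN logs keep the
    # real tunnel client address.
    edit 0
        set name "SSLVPN-to-LAN"
        set srcintf "ssl.root"
        set dstintf "internal"
        set srcaddr "SSLVPN_TUNNEL_POOL"
        set dstaddr "LAN_SUBNET"
        set groups "SSL-VPN-Users"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set nat disable
    next
    # Policy 2: VPN to WAN for Internet access through the tunnel, NATed
    # behind the WAN address.
    edit 0
        set name "SSLVPN-to-WAN"
        set srcintf "ssl.root"
        set dstintf "wan1"
        set srcaddr "SSLVPN_TUNNEL_POOL"
        set dstaddr "all"
        set groups "SSL-VPN-Users"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set nat enable
    next
end

# Verify: list active tunnels and their users once a client has connected.
get vpn ssl monitor
```

The factory certificate is what the cookbook page uses; clients will see a certificate warning until it is replaced by one issued for the public name, so plan that swap before rolling the client out. `get vpn ssl monitor` shows which user holds which pool address, which is what you need when correlating the policy logs back to a person.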
How to configure the client for a user to connect via SSL VPN
Log in to the portal from outside the network (https://<public IP or DynDNS name>:10443/).
Download and install FortiClient:
https://www.forticlient.com/downloads
After installation, launch the FortiClient console from the tray.
Add a new connection.
Set the connection name, the remote gateway (public IP or DynDNS name) and the port.