[Step by Step] Configuring SSL VPN in Fortinet 5.2.4 and higher

-

SSL VPN IN FORTINET 5.2.4 or higher

Watching is more Fun than reading... Click the link above!!










                                  
                                                      










To configure SSL VPN in Any fortinet firewalls having OS 5.2.4 or higher follow this procedure (it might work for lower versions also, i didn't tested :) )

Note: In Fortinet, by default we get SSL_VPN_TUNNEL_ADD for SSL VPN Users., In this tutorial i have configured the remote users subnet as SSL_USERS_Subnet so wherever i have used this group you use your SSL subnet group.

1. Go to User & Device:
add a new local user.
2. Go to user groups and a new group for SSL users and add the users created in step 1 in this group.

3.Go to Policy & Objects:
create a new object for your internal network (e.g.., 192.168.2.0/24)

4.Go to VPN > SSL > Portals

edit the Full-access tunnel: Configure it as per below.

5. Go to settings under SSL:
    configure these settings
    listen on interface "want interface"
    listen on port: any custom port  "8443" or "10443"

6. G0 to Athentication/Portal mapping:
    a.create new one...
    b.select your ssl user group
    c.Select portal as full access!!


7. Go to router --> static routing:
    a.create new
    b.configure a static route towards your SSL VPN SUBNET with interface as ssl.root

8. Go to Policy & Objects:
    we need to created 3 policies...

   a.WAN to ssl.root
   b.ssl.root to WAN
   c.ssl.root to LAN

A.WAN to SSL.ROOT POLICY:

CLICK OK after configuring as above.

B. SSL.ROOT to WAN POLICY:

CLICK OK after configuring as above.

C. SSL.ROOT to LAN POLICY:

CLICK OK after configuring as above.

Configuration of Fortinet SSL VPN was done, now you should install client in your PC and login.


Thank you.. for watching!!!  :)

Popular posts from this blog

Converting cisco 1852 AP to controller (Mobility express)

-
           CONVERTING 1852 AP TO MOBILITY EXPRESS Get your work done easily, watch the video for this process:   CLICK HERE FOR VIDEO Pre requisites: 1.1852 AP 2.Mobilty express image 3.Mobility express update image 4.TFTP server 5.DHCP server Procedure: Step-1: Connect the 1852 AP in network which have DHCP server. Your PC should be in same network and reachability should be there. (between PC and AP) Step-2: Install the ME image  Open the tftp server and start it. Keep the Mobility express image (30MB) in TFTP-Root directory. go to AP console and issue the below commands: logging console disable      //optional prevents from bothering up with console logging messages debug capwap console cli ap-type mobility-express tftp://x.x.x.x/<image>.tar With the above commands, We have downloaded the ME image into the AP. It Will automatically reboots waits until it does!  Wait 10 - 15 Min. Until you see  <controller>  user: password:
Read more

Cisco Access Point Cap to Sap / Sap to Cap conversion

-
Image
CONVERTING CISCO CAP TO SAP / SAP TO CAP (lwap - Ap / Ap - Lwap): You can watch the video too...!!! Conversion of the AP's using downgrade or upgrade takes a lot of time and most of the times the IOS loaded will lead to an error, So Instead of that process i am going to use ROMMON recovery, It's a simple procedure for IOS changing. It will help a Network engineer's work a lot easier. ROMMON recovery is a process of Deleting the existing flash, and re-inserting our desired IOS. Follow the below  procedure. Mandatory Pre requirements: A PC with TFTP server installed. (Turn off Antivirus, Firewall in PC) Cisco AP which is to be converted. Console cable  Procedure: 1) Login to the CLI go to "privilege mode" . (Enable mode) 2) Execute the below command:      show flash: Output for the above command will be like this In the above output following are the firmware images: ap3g2-k9w8-tar.153-3.JBB5.tar ap3g2-k9w8-mx.152-2.JB2  We need to delete th
Read more

HP Switch Comware firmware Upgradation

-
Image
      UPGRADING FIRMWARE IN HP SWITCHES In Switch: <system>system-view [system]ftp server enable local-user admin password simple admin authentication-attribute user-role network-admin service-type ftp quit vlan 2 port gigabitethernet 1/0/1 quit interface vlan-interface 2 ip address 192.168.1.1 255.255.255.0 quit save in PC Turn off windows firewall Turn off Any antivirus Turn off windows defender //connect a cable one end to switch 1/0/1 port and other end to your PC. configure static ip address in your PC. IP:192.168.1.10 Mask: 255.255.255.0 Test the connectivity by pinging 192.168.1.1 Open command prompt with administrator rights Type: ftp 192.168.1.1 username: admin password: admin ftp> binary ftp> put filename.ipe wait for 3 min. file will be uploaded to switch. after uploading completed type in the following commands. <system>boot-loader file flash:filename.ipe all main press Yes for all prompts.
Read more