Sunday, February 5, 2017

Fortigate - How to Configure SSL-VPN in 100D and connecting with Web and Tunnel Mode

In this example, you will allow remote users to access the corporate network using an SSL VPN, connecting either by web mode using a web browser or tunnel mode using FortiClient. This allows users to access network resources, such as the Internal Segmentation Firewall (ISFW) used in this example.

For users connecting via tunnel mode, traffic to the Internet will also flow through the FortiGate, to apply security scanning to this traffic.



Step 1 - Check the fortigate version and details, backup the configuration first.

Step 2 - Check the Interface details like LAN & WAN IP and Ports.

    => CO-LAN is my Internal Network interface "PORT1"
         
    => WAN is my External Network Interface, two WAN "WAN1 & WAN2" connected to a Zone "WAN".

Step 3 - Create an Address for SSL-VPN-Range & Local LAN. Here I have two network connections "CO & BMU", so I have created two address.

Also create SSL-VPN range to access from remote users.

Step 4 - In my case, as I have two network range, I need to add both network range to one group.


Step 5 - Create a user for SSL-VPN access.


This username and  Password will ask at connecting time.

Step 6 - Create a User Group for SSL-VPN access. If we have one or more users in this VPN access, we need to add to this group.


Step 7 - Now we can create SSL-VPN Tunnel.

Here, I have selected all options for testing purpose, you can select according to your choice.



Step 8 - We need to create policy for accessing Remote location (Home) to CO-Network (Office).


 


Step 9 - Check the SSL-VPN web tunnel mode using browser.



Step 10 - Check the connection through FortiClient (Tunnel Mode).

 
 

Step 11 - Check and Monitor the connection status in both side.
 

That's it...

Tuesday, January 31, 2017

Fortigate - How to configure IPsec VPN with Forticlient (Remote)

This recipe uses the IPsec VPN Wizard to provide a group of remote users with secure, encrypted access to the corporate network.

The tunnel provides group members with access to the internal network, but forces them through the FortiGate unit when accessing the Internet. When the tunnel is configured, you will connect using the FortiClient application.


 

Step 1 - Login into firewall device.
Note : Also take backup the configuration, for safe purpose.

Step 2 - Check the LAN & WAN details.

Step 3 - Create new local user for accessing VPN.

Step 4 - Create new group and add the newly created user.

Step 5 - Create the address under 'objects' for local LAN segments for accessing Local Network.

Step 6 - Now start the IPsec VPN configuration.

Enter the outgoing interface, address range(IP pool, IP which gets assigned after VPN connected). Enable split tunnel and endpoint registrations.

Step 7 - Check the Objects tab, after creating IPsec-VPN automatically added as the VPN range address.

Step 8 - We can see, automatically added one IPsec VPN interface under the WAN section.

Step 9 - Then create a policy for IPsec-VPN to LAN.

Step 10 - Go to Remote computer and install FortiClient, then configure IPsec VPN and connect with the user credentials.

Step 11 - Check the connectivity using ping command.

Step 12 - We can also monitor the connection status on IPsec monitor section.

That's it...