In the web-based manager, go to User & Device > User Groups and select Create New.User names can be up to 64 characters long. In the CLI, use the commands in config user local.Īll users accessing the SSL tunnel must be in a firewall user group.In the web-based manager, go to User & Device > User Definition, and select Create New.You can use one policy for multiple groups, or multiple policies to handle differences between the groups such as access to different services, or different schedules. The user group is associated with the web portal that the user sees after logging in.
You may already have users defined for other authentication-based security policies. The first step for an SSL VPN tunnel is to add the users and user groups that will access the tunnel. This section contains the following information:Īdditional configuration options User accounts and groups (Routing in tunnel mode on page 30) l Setup logging of SSL VPN activities. (Configuring security policies on page 1) l For tunnel-mode operation, add routing to ensure that client tunnel-mode packets reach the SSL VPN interface. (Configuring SSL VPN web portals on page 22) l Configure the security policies. (User accounts and groups on page 17) l Create a web portal to define user access to network resources. L Create user accounts and user groups for the remote clients. This chapter outlines these key steps as well as additional configurations for tighter security and monitoring. The first three in the points below are mandatory, while the others are optional. There are three or four key steps to configuring an SSL VPN tunnel. For real-world examples, see Setup examples on page 54. The configurations and steps are high level, to show you the procedures needed, and where to locate the options in FortiOS. This chapter describes the components required, and how and where to configure them to set up the FortiGate unit as an SSL VPN server. Configuring SSL VPN involves a number of configurations within FortiOS that you need to complete to make it all come together.