Fortinet Client Configuration - Create new user

![](https://i0.wp.com/cookbook.fortinet.com/wp-content/uploads/FortiGate/54/ssl-vpn-passwords-expire/SSLVPN-users-passwords-expire.png?resize=530%2C342)

1. Creating the SSL VPN user and user group

Go to User & Device > User Definition > Create New and create a new user via the Users/Groups Creation wizard.

![](https://i1.wp.com/cookbook.fortinet.com/wp-content/uploads/FortiGate/54/ssl-vpn-passwords-expire/User1.png?w=1200)

Enter a User Name and Password.

![](https://i0.wp.com/cookbook.fortinet.com/wp-content/uploads/FortiGate/54/ssl-vpn-passwords-expire/User2.png?w=1200)

Enter contact information via Email Address. SMS information should be provided if required.

![](https://i0.wp.com/cookbook.fortinet.com/wp-content/uploads/FortiGate/54/ssl-vpn-passwords-expire/User3.png?w=1200)

Enable the user account and apply Two-factor Authentication if required. Click Create.

![](https://i2.wp.com/cookbook.fortinet.com/wp-content/uploads/FortiGate/54/ssl-vpn-passwords-expire/User4.png?w=1200)

Go to User & Device > User Groups and create a user group that includes the newly created user.

![](https://i2.wp.com/cookbook.fortinet.com/wp-content/uploads/FortiGate/54/ssl-vpn-passwords-expire/UserGroup1.png?w=1200)
2. Configuring and assigning the password policy

Enter the CLI Console and configure a password policy using the following commands:

```
config user password-policy
    edit "pwpolicy1"
        set expire-days 2
        set warn-days 1
    next
end
```

The password policy includes an expiration time and a warning time.

Next, assign the password policy to the newly created user using the following commands:

```
config user local
    edit "jsnow"
        set type password
        set passwd-policy "pwpolicy1"
    next
end
```

By default, the start time for the password is set to the time the user was created.

3. Configuring the SSL VPN web portal and settings

Go to VPN > SSL-VPN Portals and select full-access. Disable Enable Split Tunneling and select the Source IP Pools. In the example, the default SSLVPN_TUNNEL_ADDR1 pool will suffice. Enable Tunnel Mode Client Options as required, ensure that you Enable Web Mode, and click OK.

![](https://i1.wp.com/cookbook.fortinet.com/wp-content/uploads/FortiGate/54/ssl-vpn-passwords-expire/SSLVPNPortal.png?w=1200)

Go to VPN > SSL-VPN Settings. Under Connection Settings, set Listen on Interface(s) to the Internet-facing interface and set Listen on Port to 10443.*

![](https://i2.wp.com/cookbook.fortinet.com/wp-content/uploads/FortiGate/54/ssl-vpn-passwords-expire/SSLVPNSettings1.png?w=1200)

Under Tunnel Mode Client Settings, set Address Range to Automatically assign addresses.* Under Authentication/Portal Mapping, assign the newly created user group (“TempVPNGroup”) to the full-access portal and Apply your changes.

![](https://i1.wp.com/cookbook.fortinet.com/wp-content/uploads/FortiGate/54/ssl-vpn-passwords-expire/SSLVPNSettings2.png?w=1200)

4. Adding security policies for access to the internal network and the Internet

Go to Policy & Objects > IPv4 Policy and add a security policy allowing access to the internal network through the VPN tunnel interface. Include the newly created user group and enable

Add a second security policy allowing access to the Internet through the VPN tunnel interface. Include the newly created user group and enable NAT.

![](https://i2.wp.com/cookbook.fortinet.com/wp-content/uploads/FortiGate/54/ssl-vpn-passwords-expire/SSLVPNPolicyOut.png?w=1200)

5. Results

Enter user ID and Password.

![](https://i1.wp.com/cookbook.fortinet.com/wp-content/uploads/FortiGate/54/ssl-vpn-passwords-expire/Results1.png?w=1200)

The user is prompted to enter a new password.*

![](https://i1.wp.com/cookbook.fortinet.com/wp-content/uploads/FortiGate/54/ssl-vpn-passwords-expire/Results2.png?w=1200)
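
The policy in step 2 only applies to users it is explicitly assigned to, so it is worth checking a configuration backup for local accounts that were missed. The following is an added example, not part of the original cookbook page or any Fortinet tooling: it parses the two CLI sections shown in step 2 and lists local password users with no password policy, or with one that is not defined. The sample configuration and the user "guest" are constructed for illustration.

```python
# Constructed sample of a configuration backup; "guest" is a hypothetical user.
SAMPLE_CONFIG = '''config user password-policy
    edit "pwpolicy1"
        set expire-days 2
        set warn-days 1
    next
end
config user local
    edit "jsnow"
        set type password
        set passwd-policy "pwpolicy1"
    next
    edit "guest"
        set type password
    next
end'''

def parse_section(text, section):
    """Return {entry: {setting: value}} for one top-level 'config <section>' block."""
    entries, current, depth = {}, None, 0  # depth 0 means outside the section
    for raw in text.splitlines():
        cmd, _, rest = raw.strip().partition(" ")
        if cmd == "config" and (depth or rest == section):
            depth += 1  # entering the section, or a nested block inside it
        elif depth and cmd == "end":
            depth -= 1
        elif depth == 1 and cmd == "edit":
            current = entries.setdefault(rest.strip('"'), {})
        elif depth == 1 and cmd == "set" and current is not None:
            key, _, value = rest.partition(" ")
            current[key] = value.strip('"')
    return entries

def audit_password_policies(text):
    """List local password users that no defined password policy covers."""
    policies = parse_section(text, "user password-policy")
    findings = []
    for name, cfg in parse_section(text, "user local").items():
        if cfg.get("type") != "password":
            continue  # remotely authenticated users are out of scope here
        policy = cfg.get("passwd-policy")
        if policy is None:
            findings.append((name, "no password policy assigned"))
        elif policy not in policies:
            findings.append((name, f"policy {policy!r} is not defined"))
    return findings

if __name__ == "__main__":
    print(audit_password_policies(SAMPLE_CONFIG))
```

To audit a real backup, pass the file's text to `audit_password_policies()` in place of `SAMPLE_CONFIG`.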