Fortinet VPN Client Setup

Fortinet Client Configuration - Create new user

1. Creating the SSL VPN user and user group

Go to User & Device > User Definition > Create New and create a new user via the Users/Groups Creation wizard.

 

Enter a User Name and Password.

 

Enter contact information via Email Address. SMS information should be provided if required.

Enable the user account and apply Two-factor Authentication if required.

Click Create.

 

Go to User & Device > User Groups and create a user group that includes the newly created user.

 

2. Configuring and assigning the password policy

Enter the CLI Console and configure a password policy using the following commands:

config user password-policy
  edit "pwpolicy1"
    set expire-days 2
    set warn-days 1
  next
end

The password policy includes an expiration time and a warning time.

Next, assign the password policy to the newly created user using the following commands.

config user local
  edit "jsnow"
    set type password
    set passwd-policy "pwpolicy1"
  next
end

By default, the start time for the password is set to the time the user was created.
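
One way to confirm that step 2 reached every account, as an added example (not part of the original page or of Fortinet's tooling): a Python check over saved configuration text that lists local password users with no password policy, or with one that is not defined. The sample text and the user "tempuser2" are constructed, and the parser assumes flat config/edit/set blocks like the two shown above.

```python
import shlex

# Constructed backup excerpt (not from a real device): the page's two CLI
# blocks plus "tempuser2", a hypothetical user created without a policy.
SAMPLE = """
config user password-policy
    edit "pwpolicy1"
        set expire-days 2
        set warn-days 1
    next
end
config user local
    edit "jsnow"
        set type password
        set passwd-policy "pwpolicy1"
    next
    edit "tempuser2"
        set type password
    next
end
"""

def parse(text):
    """Return {section: {entry: {key: value}}} for flat config/edit/set blocks."""
    tree, section, entry = {}, None, None
    for line in text.splitlines():
        tok = shlex.split(line) or [""]  # shlex strips the quotes around names
        if tok[0] == "config":
            section, entry = tree.setdefault(" ".join(tok[1:]), {}), None
        elif tok[0] == "edit" and section is not None:
            entry = section.setdefault(tok[1], {})
        elif tok[0] == "set" and entry is not None:
            entry[tok[1]] = " ".join(tok[2:])
    return tree

def audit_password_policy(text):
    """List local password users whose passwd-policy is missing or undefined."""
    tree, findings = parse(text), []
    policies = tree.get("user password-policy", {})
    for name, cfg in tree.get("user local", {}).items():
        policy = cfg.get("passwd-policy")
        if cfg.get("type") != "password" or policy in policies:
            continue
        why = "is not assigned" if policy is None else f"{policy!r} is not defined"
        findings.append((name, "passwd-policy " + why))
    return findings

if __name__ == "__main__":
    print(audit_password_policy(SAMPLE))
```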

 

3. Configuring the SSL VPN web portal and settings

Go to VPN > SSL-VPN Portals and select full-access.

Disable the Enable Split Tunneling option and select the Source IP Pools. In the example, the default SSLVPN_TUNNEL_ADDR1 pool will suffice.

Enable the Tunnel Mode Client Options as required, make sure that Enable Web Mode is turned on, and click OK.

Go to VPN > SSL-VPN Settings.

Under Connection Settings, set Listen on Interface(s) to the Internet-facing interface and set Listen on Port to 10443.*

 

Under Tunnel Mode Client Settings, set Address Range to Automatically assign addresses.*

Under Authentication/Portal Mapping, assign the newly created user group (“TempVPNGroup”) to the full-access portal, then Apply your changes.

4. Adding security policies for access to the internal network and the Internet

Go to Policy & Objects > IPv4 Policy and add a security policy allowing access to the internal network through the VPN tunnel interface.

Include the newly created user group and enable

Add a second security policy allowing access to the Internet through the VPN tunnel interface.

Include the newly created user group and enable NAT.

5. Results

Enter the user ID and password.

The user is prompted to enter a new password.*
