Chapter 4 – VPN
4-2 SSL VPN
Learning Objectives
- Configure a tunnel-based SSL VPN
- Configure a web-based SSL VPN (Web Portal)

Device | IP address | Access |
FortiGate | Port3: 192.168.1.1/24 – DHCP (192.168.1.20-192.168.1.30); Port2: DHCP Client | ICMP-HTTP-HTTPS |
WebTerm(FMC) | 192.168.1.2/24 | – |
KALI Linux (SSH Server) | 192.168.1.3/24 | – |
WordPress | 192.168.1.4/24 | |
KALI-outside | DHCP Client | |
Windows | DHCP Client | |
Configure the interfaces of the firewall. Port2 and Port3 should be configured in the terminal to access the firewall.
Step 1 – Port 3 Configuration:

Step 2 – Port 2 Configuration:

Step 3 – Configure DHCP Server on Port3

Step 4 – Configure user and user group
Go to User & Authentication > User Definition to create a local user sslvpnuser1.


Go to User & Authentication > User Groups to create a group sslvpngroup with the member sslvpnuser1.

Step 5 – Configure SSL VPN web portal and Tunnel mode
Go to VPN > SSL-VPN Portals
- Split-Tunneling: Disabled
- Source IP Pools: SSLVPN_TUNNEL_ADDR1

Go to VPN > SSL-VPN Portals and, in the bookmark section, add a bookmark for KALI (the SSH server, using the IP address of Kali) and one for WordPress (using the IP address of WordPress).



Step 6 – Configure SSL VPN settings
Go to VPN > SSL-VPN Settings:
- For Listen on Interface(s), select Port2.
- Set Listen on Port to 8080.
- Server Certificate: Fortinet
- In Restrict Access, select “Allow access from any host”.
- Address range: Automatically assign address.
- In Authentication/Portal Mapping, for All Other Users/Groups, set the Portal to MyPortal.
- Create a new Authentication/Portal Mapping for the group sslvpngroup, mapping it to the portal MyPortal.



Step 7 – Configure SSL VPN firewall policy
- Go to Policy & Objects > Firewall Policy.
- Fill in the firewall policy name. In this example, SSLVPN full tunnel access.
- The incoming interface must be the SSL-VPN tunnel interface (ssl.root).
- Choose an Outgoing Interface. In this example, port3.
- Set the Source to all and the group to sslvpngroup.
- Set the Destination to all.
- Set Schedule to always, Service to ALL, and Action to Accept.
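
The GUI settings from Steps 5 to 7 expressed as FortiOS CLI, as an added example that is not part of the original lab. It assumes the group sslvpngroup from Step 4 already exists and that the certificate the lab calls "Fortinet" is the built-in Fortinet_Factory certificate; the portal bookmarks are omitted.

```fortios
# Added example: CLI equivalent of Steps 5-7 (lab values from this page).

# Step 5: portal with both web mode and tunnel mode, split tunneling off,
# so all client traffic is sent through the tunnel.
config vpn ssl web portal
    edit "MyPortal"
        set tunnel-mode enable
        set web-mode enable
        set split-tunneling disable
        set ip-pools "SSLVPN_TUNNEL_ADDR1"
    next
end

# Step 6: listener on port2, TCP 8080.
# Assumption: "Fortinet" in the lab means the built-in Fortinet_Factory cert.
# source-address "all" is the CLI form of "Allow access from any host".
config vpn ssl settings
    set servercert "Fortinet_Factory"
    set tunnel-ip-pools "SSLVPN_TUNNEL_ADDR1"
    set source-interface "port2"
    set source-address "all"
    set port 8080
    set default-portal "MyPortal"
    config authentication-rule
        edit 1
            set groups "sslvpngroup"
            set portal "MyPortal"
        next
    end
end

# Step 7: policy from the SSL-VPN tunnel interface to the internal network.
# "edit 0" lets FortiOS pick the next free policy ID.
config firewall policy
    edit 0
        set name "SSLVPN full tunnel access"
        set srcintf "ssl.root"
        set dstintf "port3"
        set srcaddr "all"
        set dstaddr "all"
        set groups "sslvpngroup"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

Running `show vpn ssl settings` and `show firewall policy` afterwards lets you compare the stored configuration against the values entered in the GUI.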

Step 8 – Verify Configuration
Now connect to KALI-outside, open the browser, and go to https://<Port2 IP address of the firewall>:8080
Enter the username and password you created in Step 4. Then try to connect to the KALI SSH Server and WordPress through the browser.




Step 9 – Download FortiClient
Now go to the Windows machine and install FortiClient. Then use FortiClient to connect through the SSL VPN.



Step 10 – Configure FortiClient


Step 11 – Verify configuration
Enter the Username and Password you have set for the SSL VPN.

Accept the Certificate Issuer to have a secure connection.


Verify your connectivity by entering the IP address of WordPress.

Verify your connectivity by entering the IP address of the SSH Server.

