Configuring the security policy for the SSL VPN tunnel connection

Author
And
New Member
2020/05/14 06:59:49

Good morning.
 
Please see the top part of the Firewall settings2 picture.
 
Questions are:
What do I need to put into "Source Interface/Zone"? The choices are as follows: Port 3 (WAN connected to Port 3), or VPN, or sslvpn_tunel_interface.
The same situation for "Destination Interface/Zone": Port 4 (LAN connected to Port 4), or VPN, or sslvpn_tunel_interface.
What is correct in my case? Please don't send me to tutorials. I have watched many tutorials; FortiOS 4.3 is the problem (no tutorial with this old OS).
Similar situation: Should I always Enable NAT? In my home network the PC IPs are 192.168.0.12, .0.13, and the IPs for the PLC are (in another LAN subnet; this is the LAN I am trying to expose to the internet) 192.168.0.100, .0.101 and .0.90?
 
Thank You for any help!
 
post edited by And - 2020/05/15 23:24:22

#1

    lobstercreed
    Platinum Member
    Re: Configuring the security policy for the SSL VPN tunnel connection 2020/05/18 22:22:47
    I'm confused because it looks like you're showing us an IPSEC tunnel along with your SSL-VPN config.  Typically a rule is sslvpn -> LAN (whatever port that is, port4 it sounds like in your case) and necessarily must specify the destination addresses you want to make available as the destination address(es).  I'm not personally familiar with any code this old, but I'm assuming those basics would not be different.  I don't see where IPSEC would enter into this at all?
     
    I would also reiterate what others have told you which is to purchase a support contract and get yourself on the latest code for that box.  You will regret it down the line when it's truly end of support and you're stuck on code that's a decade old with no way to upgrade (except buy another FortiGate WITH support which gives you access to the whole library of code...shhh).
    #2
    And
    New Member
    Re: Configuring the security policy for the SSL VPN tunnel connection 2020/05/19 07:52:10
    I totally agree with the claim that it is old. I bought it because I need a VPN tunnel. This device cost ~20 Euro. My entire payment is around 600 Euro per month. So buying support is not an option. I am aware of the limitations of this device.
    IPSec is between routers. I need a connection between the FG 310B and the FortiClientVPN program, i.e. SSL-VPN. I understand that the IPSec configuration should be removed completely?
    If I don't have to buy a license for FortiClientVPN, how many users can be connected for free? You can get 10 for free for FortiOS 5 and above, and for FortiOS 4.3? Does anyone know this? Because if it is not free, then I am needlessly bothering you.
    Regards!
    #3
    lobstercreed
    Platinum Member
    Re: Configuring the security policy for the SSL VPN tunnel connection 2020/05/19 08:02:34
    FortiClient has other capabilities (more now on later versions) like antivirus, etc, but for strictly VPN purposes it has always been free as far as I know.  No limitation on number of clients.
    #4