1. Create a VPN user and add it to a group.

• To create a local user go to: User & Authentication -> User Definition -> User Type -> Local User -> Next.
• Fill in the username and password with the name of the user and password and select: 'Next'.

• On 'Contact Info', keep the 'Two-factor Authentication' disabled or enable and configure it.
• At the 'Extra Info' field, create a user group, add it to the 'User Group' field, and select: 'Submit'.

2. Configure the SSL VPN Settings.

• In the field 'Listen on Interfaces(s)', select the Internet-facing interface which in this case is 'port2'.
• Since port 443 conflicts with the administrative HTTPS port, change it to another port, for example 20443.
• As 'Server Certificate', the default is 'Fortinet_Factory'. In this case, the default one.
• In the 'Authentication/Portal Mapping', include the user group that was created before and set the Portal to 'web-access'. Also change the 'Portal' for 'All Other User/Groups' to: 'web-access' and select: 'Apply':

3. Configure SSL VPN Firewall Policy.

• 'Incoming Interface' is the Internet-facing interface and should be selected: 'SSL-VPN tunnel interface (ssl.root)'
• At 'Outgoing Interface' should be selected the interface of managing the FortiGate, which in this case is 'port1'.
• On the 'Source' field should be added: 'SSLVPN_TUNNEL_ADDR1' and user group: 'sslvpn'.
• As 'Destination' should be added the subnet of the management interface of the FortiGate which in this case is: '10.191.32.0/20'.

4.  Connect to SSL VPN web portal using URL: https://10.191.20.122:20443 and username and password that is configured:

5. After login, create a 'Bookmark' after going to: 'New Bookmark' and after filling in the 'Name' and 'URL' fields:

6. Select the newly created Bookmark and access the FortiGate using the 'Username' and 'Password':

Note:

FortiOS 7.6.3 release notes: Starting from FortiOS v7.6.3, the SSL VPN tunnel mode will no longer be....