FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ssteo
Staff
Article Id 192060

Description


This article describes how to use the 'ssl.root' interface as a member of a zone.

 

Scope

 

FortiGate.


Solution


Go to Network -> Interfaces -> Create New -> Zone.

 

 

  • Select 'ssl.root' in the zone.
  • Make sure 'ssl.root' is not used in any firewall policy.
  • Otherwise, 'ssl.root' will not appear in the list of interfaces available for the zone.

 

[Image1.JPG: zone containing 'ssl.root']

 

config system zone
    edit "SSL_VPN_ZONE"
        set interface "port7" "ssl.root"
    next
end
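Before 'ssl.root' can be added to a zone it must not be referenced by any firewall policy. The following Python snippet is an added example (not part of the original article) that parses a saved FortiOS configuration dump, such as the output of 'show', and reports policies still using 'ssl.root' directly as well as the zones that already contain it. The sample configuration embedded in it is constructed for illustration.

```python
import re
from typing import Dict, List

# Constructed sample of a FortiOS configuration dump (not from a real device).
SAMPLE_CONFIG = """\
config system zone
    edit "SSL_VPN_ZONE"
        set interface "port7" "ssl.root"
    next
end
config firewall policy
    edit 1
        set name "legacy-sslvpn"
        set srcintf "ssl.root"
        set dstintf "port1"
        set action accept
    next
    edit 2
        set name "zone-sslvpn"
        set srcintf "SSL_VPN_ZONE"
        set dstintf "port1"
        set action accept
    next
end
"""

def _entries(config: str, section: str) -> Dict[str, Dict[str, List[str]]]:
    """Return {entry_name: {setting: [values]}} for one 'config <section>' block."""
    m = re.search(rf"^config {re.escape(section)}\n(.*?)^end$", config, re.S | re.M)
    if not m:
        return {}
    entries: Dict[str, Dict[str, List[str]]] = {}
    current = None
    for line in m.group(1).splitlines():
        line = line.strip()
        if line.startswith("edit "):
            current = line[5:].strip().strip('"')
            entries[current] = {}
        elif line.startswith("set ") and current is not None:
            key, _, rest = line[4:].partition(" ")
            # Values are either quoted ("port7" "ssl.root") or a single bare token.
            entries[current][key] = re.findall(r'"([^"]*)"', rest) or [rest.strip()]
    return entries

def policies_using_interface(config: str, iface: str = "ssl.root") -> List[str]:
    """Policy IDs that reference the interface directly; must be empty before zoning it."""
    pols = _entries(config, "firewall policy")
    return [pid for pid, s in pols.items()
            if iface in s.get("srcintf", []) or iface in s.get("dstintf", [])]

def zones_containing(config: str, iface: str = "ssl.root") -> List[str]:
    """Zone names whose member interface list includes the interface."""
    return [z for z, s in _entries(config, "system zone").items()
            if iface in s.get("interface", [])]
```

Policy 1 in the sample would block adding 'ssl.root' to the zone until its srcintf is changed to the zone name, as policy 2 already does.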

 

The next step is to create a firewall policy that allows VPN users to authenticate and connect:

 

[Image2.JPG: firewall policy for SSL VPN users]

 

Note: Since the zone contains more than just the 'ssl.root' interface, and authentication is configured in the IPv4 policy, users arriving from the other interfaces in the zone will also be prompted for authentication.

 

  • The SSL VPN daemon process must be restarted after adding the 'ssl.root' interface to 'SSL_VPN_ZONE'.

 

dia sys process pidof sslvpnd

fnsysctl killall sslvpnd

 

Related documents:

Use SSL VPN interfaces in zones - New features - FortiGate 7.0.1 documentation

Using SSL VPN interfaces in zones - FortiGate 7.4.0 administration guide

Technical Tip: Block or allow intra-zone traffic