Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ssteo
Staff
Staff

Created on ‎11-11-2021 11:20 PM Edited on ‎02-09-2024 05:36 AM By Moderator

Article Id 192060

Technical Tip: How to use 'ssl.root' interface in zone

Description


This article describes how to use use 'ssl.root' interface in the zone.

 

Related document.
https://docs.fortinet.com/document/fortigate/7.0.0/new-features/538358/use-ssl-vpn-interfaces-in-zon...

https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/538358/using-ssl-vpn-interfa...

 

Scope

 

FortiGate.


Solution


Go to Network -> Interfaces -> Create New -> Zone.

 


Select 'ssl.root' in zone. Make sure 'ssl.root' is not using in any firewall policy. If not, it will not be possible to see 'ssl.root' appear in the list.

Image1.JPG

 

The next step should be to create an IPv4 policy that will allow VPN users to authenticate and connect:

 

Image2.JPG

 

 

Note:

Since the Zone contains more than just the ssl.root interface, and authentication is configured under the IPv4 policy, users coming from other interfaces inside the zone will be prompted for authentication. It is not possible to combine the ssl.root interface with port 7 at the Incoming Interface at the  Firewall Policy.

8072
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.