FortiGate
Shashwati
Staff
Article Id 328376
Description

This article describes how to configure SSL VPN on a loopback interface that is reached through a Virtual IP, and gives some SSL VPN hardening recommendations.

Scope

FortiGate.
Solution
  1. Configure the loopback interface.

  2. Configure the FortiGate WAN interface and static route (port2 in this example).

  3. Configure a Virtual IP that maps the external IP address (port2) to the loopback interface, with port forwarding to the SSL VPN port.

  4. Configure SSL VPN to use the loopback interface.

  5. Configure the firewall policy for VIP access from outside.

  6. Configure the firewall policy for SSL VPN users.

  7. To harden the SSL VPN service against failed login attempts, restrict the source of the WAN-to-loopback policy to allowed geographical locations.

  8. Connect to the SSL VPN using the Virtual IP.

  9. SSL VPN user list.