Description |
This article describes how to terminate SSL VPN connections on a loopback interface using a Virtual IP, and gives some SSL VPN hardening recommendations. |
Scope | FortiGate. |
Solution |
CLI Reference:
Configure a Virtual IP that maps the external IP address (port2) to the loopback interface, with port forwarding to the SSL VPN port.
CLI Reference:
config firewall vip
Configure SSL VPN to use the loopback interface.
CLI Reference:
config vpn ssl settings
Configure the Firewall policy for VIP access from outside.
CLI Reference:
config firewall policy
Configure the Firewall policy for SSL VPN users.
CLI Reference:
To harden the SSL VPN service against failed login attempts, further restrict the source of the WAN-to-loopback policy so that it specifies only the allowed geographical locations.
Connect to the SSL VPN using the Virtual IP.
SSL VPN user list:
Note: Even with this setup, the Banned-IP or Quarantine IP feature cannot block SSL VPN connection attempts. It is applied only to real forwarding traffic, that is, traffic that goes through the FortiGate. |