Mike_Berube
New Contributor

SSL VPN connection to share network folder

Is it possible to create a bookmark or other way to permit the SSL VPN connection to access a shared folder on an internal server? What I would like is for a client to connect to SSL VPN Web and have access to a folder so that he can dump or retrieve files. The folder should be the only thing the client has access to. TY Mike
Carl_Wallmark
Valued Contributor

Yes, it's possible, use web mode, and create a bookmark and select CIFS.

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

Mike_Berube
New Contributor

What service do I associate it to in my policy? TY Mike
Carl_Wallmark
Valued Contributor

create policy like this: WAN1 -> Internal : Action SSL : Service Any

Mike_Berube

create policy like this: WAN1 -> Internal : Action SSL : Service Any
I have Enable Identity Based Policy checked so my user group has services configured to it. Any is not available in the options. I’m guessing I need to specify services for what I need to do. Or am I missing something?
rwpatterson
Valued Contributor III

Create your own 445 (NetBIOS over TCP/IP). (Source port range is 1024-65535, not 445-445!)

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Mike_Berube
New Contributor

I would guess it’s 445 but I don’t see a predefined 445 port. I find that bizarre that it would not be predefined if it’s offered in the portal bookmark. If not 445 then what should I use? Second, in the portal can I define a full path? \\servername\share\share1? TY Mike
Mike_Berube
New Contributor

No, it does not work but I did find the proper port and then associated it to the proper predefined service. The port is 139, which is associated to SAMBA. I deleted my custom port when I found it and replaced it with SAMBA and bingo it works. Last question associated to this: when logging in to the share I need to enter a user and password to access it. To work I must enter the domain name before the user name. Is there a way to predefine that in the firewall so that the end user does not have to enter the domain name, just his user and password? TY Mike
rwpatterson
Valued Contributor III

I don't believe so, since the FGT isn't truly CIFS 'aware'.

Mike_Berube
New Contributor

I did not think so. If anybody else has a solution to the domain name issue feel free to share. :-) Last note to help others. The path setup in the bookmark must be //servername/share/ and not \\servername\share\. Thanks to all for your help. Mike