Dominik Weglarz, IT System Engineer
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Created on 04-09-2008 11:11 AM
If you enable split tunnelling in the User Group for the Forticlients
How can I do it? Is it something to set in FortiClient, in FortiGate, or in Windows?
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Created on 04-11-2008 12:32 PM
regards
/ Abel
Created on 04-14-2008 12:30 PM
config system dhcp server
    edit "vpnremotos"
        set default-gateway 10.10.20.10
        set interface "wan1"
        set lease-time 86400
        set netmask 255.255.0.0
        set server-type ipsec
        set start-ip 10.10.40.1
        set end-ip 10.10.40.254
        set wins-server1 10.10.10.10
        set wins-server2 10.10.10.20
    next
end
config firewall profile
    edit "custom_vpn_remoto"
        set log-web-ftgd-err enable
        set ftp splice
        set http rangeblock
        unset https
        set imap fragmail spamfssubmit
        set pop3 fragmail spamfssubmit
        set smtp fragmail spamfssubmit splice
        set pop3-spamtagtype subject
        set imap-spamtagtype subject
        set nntp no-content-summary
        unset im
        set comment ""
        set ftgd-wf-options strict-blocking
        set ftgd-wf-https-options strict-blocking
        set ftgd-wf-disable all
    next
end
config user group
    edit "user_vpn"
        set profile "custom_vpn_remoto"
        set member "user1" "user2" "user3"
    next
end
config vpn ipsec phase1
    edit "Remotos"
        set type dynamic
        set interface "wan1"
        set nattraversal enable
        set proposal 3des-sha1 3des-md5
        set psksecret ENC (password)
    next
end
config vpn ipsec phase2
    edit "remotos"
        set keepalive enable
        set pfs enable
        set phase1name "Remotos"
        set proposal 3des-sha1 3des-md5
        set replay enable
        set dhcp-ipsec enable
    next
end
config vpn ipsec forticlient
    edit "xxxxx"
        set phase2name "remotos"
        set usergroupname "user_vpn"
    next
end
config firewall policy
    edit 49
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "Internal_All"
        set dstaddr "all"
        set action ipsec
        set schedule "always"
        set service "DHCP"
        set logtraffic enable
        set inbound enable
        set outbound enable
        set natinbound enable
        set vpntunnel "Remotos"
    next
    edit 47
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "Internal_All"
        set dstaddr "all"
        set action ipsec
        set schedule "always"
        set service "ANY"
        set profile-status enable
        set logtraffic enable
        set profile "custom_vpn_remoto"
        set inbound enable
        set outbound enable
        set vpntunnel "Remotos"
    next
end
    set dstaddr "all"
    set action ipsec
to
    set dstaddr "RangeIPDHCP"
    set action ipsec
where RangeIPDHCP is 10.10.40.[1-254]. And add a new internal->wan1 firewall policy below with action 'accept' to destination address 'all' for internet browsing.
best regards,
regards
/ Abel
Created on 04-15-2008 06:40 PM
regards
/ Abel
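Added example, not part of the original thread or any poster's code: a small check that reads a `config firewall policy` block and reports which IPsec policies still have `dstaddr "all"` and whether an accept policy to `all` sits below them, the two conditions the reply above describes. The sample table is constructed, policy ID 50 is hypothetical, and the function names are this example's own.

```python
import shlex

# Constructed sample: the thread's policy table (trimmed) after a partial
# edit, plus a hypothetical accept policy 50 added below the IPsec ones.
SAMPLE = """\
config firewall policy
    edit 49
        set dstaddr "all"
        set action ipsec
    next
    edit 47
        set dstaddr "RangeIPDHCP"
        set action ipsec
    next
    edit 50
        set dstaddr "all"
        set action accept
    next
end
"""

def parse_policies(text):
    """Return [(policy_id, {key: [values]})] in listed (evaluation) order."""
    policies, current, in_table = [], None, False
    for line in text.splitlines():
        tok = shlex.split(line) or [""]          # shlex strips the quotes
        if tok[:3] == ["config", "firewall", "policy"]:
            in_table = True
        elif in_table and tok[0] == "edit":
            current = (tok[1], {})
            policies.append(current)
        elif in_table and tok[0] == "set" and current and len(tok) > 2:
            current[1][tok[1]] = tok[2:]
        elif tok[0] == "end":                    # flat table, no nested config
            in_table, current = False, None
    return policies

def audit(text):
    """Return (IPsec policy IDs with dstaddr 'all', accept-to-all below them?)."""
    pols = parse_policies(text)
    wide = [pid for pid, s in pols
            if s.get("action") == ["ipsec"] and "all" in s.get("dstaddr", [])]
    last = max((i for i, (_, s) in enumerate(pols)
                if s.get("action") == ["ipsec"]), default=-1)
    accept_below = any(s.get("action") == ["accept"] and "all" in s.get("dstaddr", [])
                       for _, s in pols[last + 1:])
    return wide, accept_below

if __name__ == "__main__":
    print(audit(SAMPLE))
```
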