Hello All,
I am a newbie to Fortigate so I'm not experienced with it.
Could anybody tell me what the correct usage of the ssl.<vdom_name> interface is, please? I see it in the root vdom and also in other vdoms.
```
config system interface
    edit "ssl.root"
        set vdom "root"
        set type tunnel
        set alias "sslvpn tunnel interface"
        set snmp-index 32
    next
end
```
Is it used solely for policy configuration or for something else too?
And also, if I have a site-to-site VPN, do I need this interface for any reason?
I'd be thankful if anybody could point me to where I can read more about the theory behind that.
Thanks!
It's dedicated only to SSL VPN. If you don't have SSL VPN you just need to ignore them. Only one setup is allowed per vdom or root. I'm guessing that's why FTNT decided to prebuild it by default. An IPsec VPN interface will be automatically created individually when you configure the VPN if it's in interface mode.
Thank you very much!
Couldn't find related documentation to read more about it and similar.
The SSL.root interface is the end of the tunnel if you connect via SSL VPN. Just like the <phase2> virtual interface if using an IPsec VPN.
You use it in (at least) one policy to let client traffic in through the tunnel:
```
srcintf=ssl.root
dstintf=internal
srcaddr=(SSL VPN client's private address range)
dstaddr=(your LAN's subnet)
service=...
action=accept
```
Although visible in System>Interfaces, you never directly manipulate the tunnel interface. All things SSLVPN are configured in VPN > SSLVPN.
Also, you can't disable it. Since it's an interface, you can assign an address (depending on FortiOS version) and even use it for management purposes, again depending on FortiOS version.
ken
PCNSE
NSE
StrongSwan
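
As an added illustration (not code from the thread or from Fortinet), this Python script lists the firewall policies that accept traffic arriving on an ssl.<vdom> tunnel interface, as in the policy outlined in the reply above, and reports which of their fields use all/ALL. The sample configuration, the address object names and the function names are constructed assumptions.

```python
import shlex
# Constructed sample of "config firewall policy" output (not from the thread).
SAMPLE = """
config firewall policy
    edit 1
        set srcintf "ssl.root"
        set dstintf "internal"
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set dstaddr "LAN_SUBNET"
        set action accept
        set service "RDP" "SSH"
    next
    edit 2
        set srcintf "ssl.root"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set service "ALL"
    next
    edit 3
        set srcintf "internal"
        set action accept
    next
end
"""

def parse_policies(text):
    """Return {policy_id: {field: [values]}} for 'config firewall policy'."""
    policies, current, inside = {}, None, False
    for line in text.splitlines():
        tok = shlex.split(line)  # handles quoted, multi-value fields
        if tok[:3] == ["config", "firewall", "policy"]:
            inside = True
        elif tok[:1] == ["end"]:
            inside = False
        elif inside and tok[:1] == ["edit"]:
            current = policies.setdefault(tok[1], {})
        elif inside and current is not None and tok[:1] == ["set"]:
            current[tok[1]] = tok[2:]
    return policies

def audit_sslvpn(text):
    """Map each accept policy sourced from ssl.<vdom> to its all/ALL fields."""
    out = {}
    for pid, p in parse_policies(text).items():
        if p.get("action") == ["accept"] and any(i.startswith("ssl.") for i in p.get("srcintf", [])):
            out[pid] = [k for k in ("srcaddr", "dstaddr", "service") if "all" in [v.lower() for v in p.get(k, [])]]
    return out
```

Feed it only the firewall policy section (for example the output of `show firewall policy`); `shlex.split` raises on the multi-line quoted values that appear elsewhere in a full backup.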