Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
And
New Contributor

Configuring the security policy for the SSL VPN tunnel connection

Good morning.

 

Please see a top part of Firewall settings2 picture.

 

Questions are:

What I need to put into "Source Interface/Zone"? The choices are as follows: Port 3 (WAN connected to Port 3), or VPN, or sslvpn_tunel_interface.

The same situation: "Destinations Interface/Zone": Port 4 (LAN connected to Port 4), or VPN, or sslvpn_tunel_interface.

What is correct, in my case? Please don't send me to tutorials, I have watched many of tutorials, FortiOS 4.3 is problem (no tutorial with this old OS)

Similar situation: Should I always Enable NAT? In my home network PC IP are 192.168.0.12, .0.13, and IP for PLC are (in other LAN subnet, this LAN I try to exposing to internet) 192.168.0.100, .0.101 and .0.90?

 

Thank You for any help!

 

3 REPLIES 3
lobstercreed
Valued Contributor

I'm confused because it looks like you're showing us an IPSEC tunnel along with your SSL-VPN config.  Typically a rule is sslvpn -> LAN (whatever port that is, port4 it sounds like in your case) and necessarily must specify the destination addresses you want to make available as the destination address(es).  I'm not personally familiar with any code this old, but I'm assuming those basics would not be different.  I don't see where IPSEC would enter into this at all?

 

I would also reiterate what others have told you which is to purchase a support contract and get yourself on the latest code for that box.  You will regret it down the line when it's truly end of support and you're stuck on code that's a decade old with no way to upgrade (except buy another FortiGate WITH support which gives you access to the whole library of code...shhh).

And

I totally agree with the claim that it is old. I bought because I needs a VPN tunnel. This device cost ~ 20Euro. My entire payment is around 600 Euro per month. So buying support is not an option. I am aware of the limitations of this device.

IPSec is between routers. I need a connection between FG 310B and FortiClientVPN program, i.e. SSL-VPN. I understand that IPSec configuration should be removed completely? If I don't have to buy a license for FortiClientVPN, how many users can be connected for free? You can get 10 for free for FortiOS 5 and above, and for FortiOS 4.3? Does anyone know this, because if there is not free, then I needlessly bother you.

Regards!

lobstercreed
Valued Contributor

FortiClient has other capabilities (more now on later versions) like antivirus, etc, but for strictly VPN purposes it has always been free as far as I know.  No limitation on number of clients.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors