HID ActivID AAA OOB & SSL User Manual


4TRESS AAA Out-of-Band Authentication (SMS) and SSL VPN Fortinet | Integration Handbook

External Release | © 2012-2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved.


3. From the Source Interface/Zone drop-down list, select the name of the FortiGate network interface that connects to the Internet.

4. From the Source Address drop-down list, select all.

5. From the Destination Interface/Zone drop-down list, select the FortiGate network interface that connects to the protected network.

6. From the Destination Address drop-down list, select the firewall address you created that represents the networks and servers to which the SSL VPN clients will connect.

If you want to associate multiple firewall addresses or address groups with the Destination Interface/Zone,
then from Destination Address, click the plus symbol. In the dialog box that is displayed, move the firewall
addresses or address groups from the Available Addresses section to the Members section, then click OK.

7. From the Action drop-down list, select SSL-VPN.

8. Deselect the SSL Client Certificate Restrictive option.

9. From the Cipher Strength drop-down list, select the bit level of SSL encryption. The Web browser on the remote client must be capable of matching the level that you select.

10. Select the Configure SSLVPN Users option. (A security policy for an SSL VPN is automatically an identity-based policy.)

11. Click Add to add a user group to the policy. The Edit Authentication Rule window opens on top of the security policy. Enter the following information and then click OK. You can click Add again to add more groups.
