HID ActivID AAA OOB & SSL User Manual

Page 13


4TRESS AAA Out-of-Band Authentication (SMS) and SSL VPN Fortinet | Integration Handbook

External Release | © 2012-2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved.


5. From the Destination Interface/Zone drop-down list, select the interface that connects to the protected network.

6. From the Destination Address drop-down list, select the firewall address that represents the networks and servers the SSL VPN clients will connect to.

7. Accept the Schedule default (always).

8. Accept the Service default (ANY).

9. From the Action drop-down list, select ACCEPT.

10. Select the Enable NAT option, and then click OK.

This policy enables the SSL VPN client to initiate communication with hosts on the protected network. If you want
to enable hosts on the protected network to initiate communication with the SSL VPN client, then you should
create another Accept policy like the preceding one, but with the source and destination settings reversed.

Note: You must also add a static route for tunnel mode operation.
