HID ActivID AAA OOB & SSL User Manual


4TRESS AAA Out-of-Band Authentication (SMS) and SSL VPN Fortinet | Integration Handbook

External Release | © 2012-2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved.


2. Select the option Enable SSL-VPN.

3. Next to IP Pools—SSLVPN_TUNNEL_ADDR1, click Edit. IP Pools.

This allows you to select the range or subnet firewall addresses that represent IP address ranges reserved for
tunnel-mode SSL VPN clients. The IP Pool that you select will be the one created.

4. From the Server Certificate drop-down list, select the signed server certificate to use for authentication. If you accept the default setting (Self-Signed), then the FortiGate unit offers its Fortinet factory-installed certificate to remote clients when they connect.

5. Deselect the Require Client Certificate option.

6. For Encryption Key Algorithm, select the algorithm for creating a secure SSL connection between the remote client Web browser and the FortiGate unit.

7. For Idle Timeout, enter the period of time (in seconds) that the connection can remain idle before the user must log in again. The range is from 10 to 28800 seconds. Setting the value to 0 will disable the idle connection timeout. This setting applies to the SSL VPN session.

8. For Advanced (DNS and WINS Servers), enter up to two DNS servers and/or two WINS servers to be provided for the use of clients.

9. Click OK at the bottom of the page.
