
ActivIdentity 4TRESS AAA Web Tokens and SSL VPN Fortinet Secure Access | Integration Handbook

External Use | July 16, 2012 | © 2012 ActivIdentity

6. From the Destination Address drop-down list, select the firewall address you created that represents the networks and servers to which the SSL VPN clients will connect.
   If you want to associate multiple firewall addresses or address groups with the Destination Interface/Zone, then from Destination Address, click the plus symbol. In the dialog box that is displayed, move the firewall addresses or address groups from the Available Addresses section to the Members section, then click OK.

7. From the Action drop-down list, select SSL-VPN.

8. Deselect the SSL Client Certificate Restrictive option.

9. From the Cipher Strength drop-down list, select the bit level of SSL encryption. The Web browser on the remote client must be capable of matching the level that you select.

10. Select the Configure SSLVPN Users option. (A security policy for an SSL VPN is automatically an identity-based policy.)

11. Click Add to add a user group to the policy. The Edit Authentication Rule window opens on top of the security policy. Enter the following information and then click OK. You can click Add again to add more groups.
    - Select User Groups in the left list (dialog not illustrated) and use the right arrow button to move them to the right list.
    - Select Service in the left list (dialog not illustrated) and use the right arrow button to move them to the right list.
    - Select the ANY service to allow the user group access to all services.

12. Click OK.
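For reference, the same SSL VPN policy that steps 6 through 12 build in the web-based manager, expressed as a FortiGate CLI object. This is an added example constructed for this page, not configuration from the handbook or from Fortinet: the interface, address and group names are placeholders, the keyword names follow the FortiOS 4.x CLI as far as known and should be checked against the CLI reference for the firmware in use, and the trailing annotations are notes, not CLI input.

```text
config firewall policy
    edit 0                             <- 0 = next free policy ID
        set srcintf "wan1"             <- interface the SSL VPN clients arrive on (placeholder)
        set dstintf "internal"         <- interface of the protected networks (placeholder)
        set srcaddr "all"
        set dstaddr "SSLVPN_Servers"   <- firewall address object from step 6 (placeholder)
        set action ssl-vpn             <- step 7
        set sslvpn-ccert disable       <- step 8: client certificate not required
        set sslvpn-cipher high         <- step 9: remote browsers must support this level
        set identity-based enable      <- step 10: SSL VPN policies are identity-based
        config identity-based-policy   <- step 11: one entry per user group added
            edit 1
                set groups "SSLVPN_Users"   <- user group (placeholder)
                set schedule "always"
                set service "ANY"           <- as in the procedure; a narrower service
                                               set limits what an authenticated
                                               user can reach through the tunnel
            next
        end
    next
end
```

Reviewing the resulting policy with "show firewall policy" is a quick way to confirm that the GUI selections (action, client certificate setting, cipher strength, groups and services) landed as intended.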

3.5 Procedure 5: Create Tunnel Mode Security Policy

If your SSL VPN will provide tunnel mode operation, then create a security policy to enable traffic to pass between the SSL VPN virtual interface and the protected networks. This is in addition to the SSL VPN security policy that you created in the preceding section.

To configure the tunnel mode security policy in the web-based manager, perform the following steps.

1. Logged into the FortiGate Web console, navigate to Policy > Policy > Policy.

2. Click Create New (located in the pane to the right).