HID Fortinet and AAA Server User Manual


ActivIdentity 4TRESS AAA Web Tokens and SSL VPN Fortinet Secure Access | Integration Handbook


External Use | July 16, 2012 | © 2012 ActivIdentity

3. From the Source Interface/Zone drop-down list, select the virtual SSL VPN interface (for example, ssl.root).

4. From the Source Address drop-down list, select the firewall address you created that represents the IP address range assigned to SSL VPN clients (for example, SSL_VPN_tunnel_users).

5. From the Destination Interface/Zone drop-down list, select the interface that connects to the protected network.

6. From the Destination Address drop-down list, select the firewall address that represents the networks and servers the SSL VPN clients will connect to.

7. Accept the Schedule default (always).

8. Accept the Service default (ANY).

9. From the Action drop-down list, select ACCEPT.

10. Select the Enable NAT option, and then click OK.

This policy enables the SSL VPN client to initiate communication with hosts on the protected network. If you want to enable hosts on the protected network to initiate communication with the SSL VPN client, then you should create another Accept policy like the preceding one, but with the source and destination settings reversed.

Note: You must also add a static route for tunnel mode operation.
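
For review or change control, the settings from steps 3 to 10, the optional reversed policy, and the tunnel-mode static route can be written as FortiOS CLI configuration. This is an added example, not part of the original handbook, and it assumes the FortiOS 4.x CLI syntax in use when the handbook was published. The interface name "internal", the address name "Protected_Network", and the subnet 10.11.12.0/24 are placeholders; ssl.root and SSL_VPN_tunnel_users are the handbook's own example names. The # lines are annotations for the reader.

```fortios
# Added example: placeholder names are "internal", "Protected_Network"
# and 10.11.12.0/24. Replace them with the values for your deployment.

config firewall policy
    # Steps 3-10: SSL VPN clients may initiate sessions to the protected network.
    edit 0
        set srcintf "ssl.root"
        set srcaddr "SSL_VPN_tunnel_users"
        set dstintf "internal"
        set dstaddr "Protected_Network"
        set schedule "always"
        set service "ANY"
        set action accept
        set nat enable
    next
    # Optional: the same policy with source and destination reversed, so hosts
    # on the protected network may initiate sessions to SSL VPN clients.
    edit 0
        set srcintf "internal"
        set srcaddr "Protected_Network"
        set dstintf "ssl.root"
        set dstaddr "SSL_VPN_tunnel_users"
        set schedule "always"
        set service "ANY"
        set action accept
        set nat enable
    next
end

# Static route for tunnel mode: send traffic for the SSL VPN client address
# range (placeholder subnet) to the virtual SSL VPN interface.
config router static
    edit 0
        set device "ssl.root"
        set dst 10.11.12.0 255.255.255.0
    next
end
```

Using `edit 0` lets the unit assign the next free policy or route ID instead of overwriting an existing entry.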
