HID Fortinet and AAA Server User Manual

Page 8


ActivIdentity 4TRESS AAA Web Tokens and SSL VPN Fortinet Secure Access | Integration Handbook


External Use | July 16, 2012 | © 2012 ActivIdentity


2. Select the option Enable SSL-VPN.

3. Next to IP Pools—SSLVPN_TUNNEL_ADDR1, click Edit. This allows you to select the range or subnet firewall addresses that represent IP address ranges reserved for tunnel-mode SSL VPN clients. The IP Pool that you select will be the one created.

4. From the Server Certificate drop-down list, select the signed server certificate to use for authentication. If you accept the default setting (Self-Signed), then the FortiGate unit offers its Fortinet factory-installed certificate to remote clients when they connect.

5. Deselect the Require Client Certificate option.

6. For Encryption Key Algorithm, select the algorithm for creating a secure SSL connection between the remote client Web browser and the FortiGate unit.

7. For Idle Timeout, enter the period of time (in seconds) that the connection can remain idle before the user must log in again. The range is from 10 to 28800 seconds. Setting the value to 0 will disable the idle connection timeout. This setting applies to the SSL VPN session.

8. For Advanced (DNS and WINS Servers), enter up to two DNS servers and/or two WINS servers to be provided for the use of clients.

9. Click OK at the bottom of the page.
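The values chosen in steps 2, 4, 5 and 7 can be checked offline against an exported configuration. The script below is an added example, not part of the handbook: the `config vpn ssl settings` block, its key names (`sslvpn-enable`, `servercert`, `reqclientcert`, `idle-timeout`) and the default certificate name `self-sign` are assumed from FortiOS CLI conventions, and the sample configuration is constructed.

```python
import re

# Constructed sample, not a real export. The key names follow FortiOS CLI
# conventions and are assumptions; the handbook page shows only the web UI.
SAMPLE_CONFIG = """\
config vpn ssl settings
    set sslvpn-enable enable
    set tunnel-ip-pools "SSLVPN_TUNNEL_ADDR1"
    set servercert "self-sign"
    set reqclientcert disable
    set idle-timeout 0
    set dns-server1 192.0.2.53
end
"""

def parse_settings(text):
    """Return {key: value} for 'set' lines inside 'config vpn ssl settings'."""
    settings, inside = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "config vpn ssl settings":
            inside = True
        elif line == "end":
            inside = False
        elif inside:
            m = re.match(r"set\s+(\S+)\s+(.+)$", line)
            if m:
                settings[m.group(1)] = m.group(2).strip().strip('"')
    return settings

def audit(settings):
    """List deviations from the values the procedure above calls for."""
    findings = []
    if settings.get("sslvpn-enable") != "enable":
        findings.append("step 2: SSL-VPN is not enabled")
    # "self-sign" as the name of the default certificate is an assumption.
    if settings.get("servercert", "self-sign") == "self-sign":
        findings.append("step 4: clients are offered the factory-installed certificate")
    if settings.get("reqclientcert", "disable") != "disable":
        findings.append("step 5: a client certificate is still required")
    timeout = settings.get("idle-timeout")
    if timeout is not None:
        if not timeout.isdigit():
            findings.append("step 7: idle timeout is not a number")
        elif int(timeout) == 0:
            findings.append("step 7: idle timeout is disabled (0)")
        elif not 10 <= int(timeout) <= 28800:
            findings.append("step 7: idle timeout is outside 10-28800 seconds")
    return findings
```

Calling `audit(parse_settings(SAMPLE_CONFIG))` on the constructed sample reports the factory-installed certificate and the disabled idle timeout.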
