Monday, November 1, 2010

SSL-VPN using UTM (Fortigate)

Access your private network from a public network using Fortigate VPN (simplified document)
1. Allocate private IP addresses for your VPN access from the public network.
2. Configure SSL-VPN.
3. VPN portal creation (web mode access). Create a portal in your VPN box and access your internal network using the portal.

4. Create a username to access the VPN from the public network.
5. Create a user group which should have SSL-VPN access to the already created portal.
7. Now create the firewall policy.
    In this policy, the public network can access the internal network using the VPN portal and the VPN user group.

Configuration completed.

Extra configuration for Tunnel Mode access
8. Add a new policy for tunnel mode.
9. Add a static route to send replies from the internal network to the VPN clients.









  




VPN - Home to Office

Set up VPN at your home


Use "Create a new connection".







Give your VPN server's user name and password.

This is your network configuration before VPN connection.

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\admin>ipconfig

Windows IP Configuration

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.**.**
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 192.168.**.**


Network configuration after making the VPN connection.


C:\Documents and Settings\admin>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . :   192.168.**.**
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . :   192.168.**.**

PPP adapter Office network:

Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . :    192.168.1.40
Subnet Mask . . . . . . . . . . :    255.255.255.255
Default Gateway . . . . . . . . . : 192.168.1.**

Here 192.168.1.40 is your virtual IP, and your system is now part of your office network. You can now connect to your applications from home using the VPN.
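The before/after comparison above can be scripted. This is an added example, not part of the original post: it parses two ipconfig captures in the Windows XP layout and returns the adapters that exist only after connecting. The captures are constructed, and the names parse_ipconfig and vpn_adapters are hypothetical.

```python
import re

# Constructed sample captures in the ipconfig layout shown above. Addresses are
# placeholders, except 192.168.1.40 / 255.255.255.255, which the post prints.
BEFORE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix . :
   IP Address. . . . . . . . . . . . : 192.168.0.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
"""

AFTER = BEFORE + """
PPP adapter Office network:

   Connection-specific DNS Suffix . :
   IP Address. . . . . . . . . . . . : 192.168.1.40
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 192.168.1.1
"""

ADAPTER = re.compile(r"^(\S.*adapter .+):\s*$")
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z -]*?)[ .]*:\s*(\S+)\s*$")

def parse_ipconfig(text):
    """Return {adapter name: {field: value}} for one ipconfig capture."""
    adapters, current = {}, None
    for line in text.splitlines():
        header = ADAPTER.match(line)
        if header:
            current = adapters.setdefault(header.group(1), {})
        elif current is not None:
            field = FIELD.match(line)
            if field:  # fields with an empty value (DNS suffix) are skipped
                current[field.group(1)] = field.group(2)
    return adapters

def vpn_adapters(before, after):
    """Adapters present only after connecting, i.e. the VPN's virtual adapter."""
    old = parse_ipconfig(before)
    return {n: f for n, f in parse_ipconfig(after).items() if n not in old}

if __name__ == "__main__":
    print(vpn_adapters(BEFORE, AFTER))
```

An empty result after dialing means no new adapter was created, so the VPN connection did not come up.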