FortiGate SSL VPN Configuration (FortiOS 6.4.0 Basic)

Рет қаралды 151,791

Күн бұрын

Пікірлер: 177

@randalljordan869 4 жыл бұрын

This was an excellent tutorial! I can't believe I was able to get this to work just by viewing one KZbin video. Thanks for educating me on this. My boss is extremely happy as am I. Great job!

@hariprasad-uw2yn 3 жыл бұрын

Hope, your boss will soon raise your salary.

@tomwaterloo 2 жыл бұрын

Thanks so much. One change I had to make to make remote access work from a remote location was turn on NAT. Coming from a netgear router, Fortinet is significantly more complex. Thanks for these directions. Would be very difficult to do without a video like this.

@nathaniellovett8305 4 жыл бұрын

So far one of the best tutorials Ive seen and Im only half way through. Great work and appreciate!

@samimohammad8628 2 жыл бұрын

This best and compressive video to learn SSL-VPN setup

@Deepwaters94 3 жыл бұрын

Great tutorial, really appreciate this step by step setup. Great detail and very thorough! Thanks!

@RaviChinasamy 4 жыл бұрын

Nice video during the current lockdown situation. Honestly, i never really believe into SSL VPN as IPSec dialup vpns were always quicker and more secure overall for me. But thats me. I am sure this video will be super useful for loads, keep it up mike! 👍

@mrd.g.2567 4 жыл бұрын

very good, thanks. I just got my 30E and will be learning with your videos.

@Los_primos132 2 жыл бұрын

TNice tutorials is so fun editing in it I just saw half of your tutorial and couldn't stop PLAYING WITH ITT dont worry I ca bac k after it

@yonniselcted1891 4 жыл бұрын

Thank you very much. you coverd all the basics end to end. --- Very helpfull

@turkaykoc8587 3 жыл бұрын

Thank you for all your efforts.

@frankcamberos8417 3 жыл бұрын

Very helpful! Thank you for this intuitive walkthrough!!

@abid4friends 3 жыл бұрын

Nice video, i appreciate your efforts. Kindly increase volume in the next videos.

@84bworks 7 күн бұрын

Thank you! This worked for me!

@anis3414 4 жыл бұрын

your videos are really good - i'm searching for NSE 4 6.2 training content!

@asifalikhan3796 Жыл бұрын

NSE Institute can help you

@arthill2310 2 жыл бұрын

very nice. Video on always on vpn (rather than auto-connect)? LT2P?

@Sabs761010 7 ай бұрын

Hi @fortinet guru, thanks for the brilliant explication, i have a question in my job we connect through forticlient app which point to a fqdn name instead to ip address,so how does is it configured that on the fortigate firewall? Thanks in advance.

@FortinetGuru 7 ай бұрын

The FQDN is configured in DNS at the registrar level to point to the external IP of the FortiGate. Either that or a CNAME pointing to the dynamic DNS entry provided through a third party.

@tylereasterly5952 2 жыл бұрын

Thank you sir! Very helpful tutorial.

@Willie_will901 2 ай бұрын

Thank you for this video. I can connect and surf the internet but I can't access my network drives.

@ChrisCurtis-qd1dn Жыл бұрын

Well done! We appreciate it!

@FortinetGuru Жыл бұрын

I appreciate you!

@mohamedalfergani3194 3 жыл бұрын

Very helpful ... actually I in need to configure FG200E to enable specific number of remote users to access a server ?

@scottnerone3057 3 жыл бұрын

On point as always!

@deejayboziah9800 Жыл бұрын

Thanks Man, I was able to connect but i do not see any of my internal network devices and drives, am I missing something?

@mentalsite7833 4 жыл бұрын

Please put a video on Differences between SSL VPN AND IPsec VPN

@FortinetGuru 4 жыл бұрын

Sounds like a plan

@mentalsite7833 4 жыл бұрын

@@FortinetGuru I'm waiting

@gabbyventura8057 Жыл бұрын

its a great tutorial - by any chance do u have a tutorial to remote access thru specific protocol web portal ? appreciate

@FortinetGuru Жыл бұрын

Adding to the list of videos to make

@fueledbydata488 4 жыл бұрын

Hi Sir. Thank you so much for this. You helped me saved my job

@TheQuadrider21 4 жыл бұрын

Hello, new to the channel. Thanks for your videos. I'm fairly new to ForiGates and wish I found your channel a few months ago :) for a more in-depth video, you should restrict to Geographic region (only allow SSL connections from US) Is there an easy way to use an AD security group for managing authentication? I did this on WatchGuard firewalls and put a checkbox on a new user setup sheet "does new use get VPN access" if yes, all I did was add them to the SSL-VPN security group in AD for permission. Also, would love to see options for using 2FA with LDAP. (Something I'll be considering for some clients of mine.)

@FortinetGuru 4 жыл бұрын

Will add to the list! I use FSSO if I want it streamlined. Otherwise an individual group for sslvpn usually suffices. This is a super basic example. Further explanation in other videos will add those caveats.

@ravitejav4568 4 жыл бұрын

Fortinet Guru thank it’s working fine on windows 10 forticlient, but no internet on android and iOS devices

@komputatek 3 жыл бұрын

I need clarification. At 15:35 you add 2 subnets. Are these the active local subnets within your domain that the vpn will connect to? Thanks. Great video!

@FortinetGuru 3 жыл бұрын

If you are talking about during the split route area those are the networks you wish to be accessible.

@bruhwtf4831 4 жыл бұрын

Hello, I was waiting for your review on the DNS split tunneling option and then you passed it at 17:46, was it intentional? xD I know this feature had bug-related topics

@lovedefeatsus 2 жыл бұрын

how do you filter what each user can access through the vpn?

@netconfig999 5 ай бұрын

when you use your real PC connect to lab, is it will be loop?

@vuhuuson9102 3 жыл бұрын

Thank you very much!! regards from VietNam!

@mdh685 2 жыл бұрын

Hello, we are new to the Fortigate appliance world and we are now running a 100F at each of our facilities. We have an IPsec tunnel that works fine, and we have SSLVPN set up for both branches, but we cannot get an SSLVPN user to go through the IPsec to access remote branch resources. Do you have a video talking about this configuration?

@BANZAI-tu7yv 4 жыл бұрын

love this fucking channel man keep up the good videos

@llfrater19 Жыл бұрын

Hey great guide, i managed to connect the vpn client on my wifi lan however, when i try to connect to the vpn from a mobile hotspot, it does not connect

@FortinetGuru Жыл бұрын

Does your hotspot subnet overlap with your local subnet on the other end of the vpn (the branch you are trying to connect to?)

@Syntaxstic 2 жыл бұрын

Don't you need deep packet inspection for av and app control on encrypted connections?

@riry865 2 жыл бұрын

How long does it take to learn soft?

@vijayreddy804 2 жыл бұрын

Thanks a lot.... very helpful video

@mohamedibrahim6462 3 жыл бұрын

Hello , thanks for this info . Can you assist with setting up site to site VPN . Thanks

@renelopezguajardo2811 2 жыл бұрын

Excelent video !! Its posible create a policy VPN OUT ? I need access a share printer in a forticlient client PC , but I cant access this machine form my office

@FortinetGuru 2 жыл бұрын

The world is our oyster on this one. You can provide access from internal to SSLVPN devices. The IPs change enough that behavior may be erratic in some cases though.

@chethan579 3 жыл бұрын

Hello, Just subscribed. Can you make a video describing different use cases when to setup SSL-VPN and IPSec VPN.

@FortinetGuru 3 жыл бұрын

I will have a video coming out that will dive into the specific use cases I like to use each one for.

@chethan579 3 жыл бұрын

@@FortinetGuru Thank You for addressing it.

@chungfeng4765 2 жыл бұрын

clips. I use a drum loop and afterwards I want to record a appguitar. What happens.. the drumloop starts to record again along the

@tekatietabuaka5456 2 жыл бұрын

Hi, Thanks for this video, i tried to follow it however facing that unable to establish vpn connection. appreciate any advice on the error i facing

@theolderthebetter3805 3 жыл бұрын

Hey Fortinet Guru, how do we restrict SSL VPN connections to only company machines?

@lucashonz8196 2 жыл бұрын

great video only got 1 problem when I checked for firewall policy there was none!!! HELP!!!

@sonegury445 3 жыл бұрын

Exactly what I needed. Thanks.+

@khalidmahmood6691 4 жыл бұрын

Good video thanks - Question do you have any SSL computer certificate authentication videos or guidance

@FortinetGuru 4 жыл бұрын

Not yet. Soon

@calark5812 4 жыл бұрын

How about a start to finish SSL Cert for the Fortigate so I don't have to see the warning in Chrome every time I access the firewall. From generating CSR, Filing out the SSL request, CN, Domain etc., then what to import back in. I'm hung up on the issue that I don't understand the CSR asks for domain name, its not a domain its a router. I access it by xx.xx.xx.xx not myrouter.com.

@adipapaianus 4 жыл бұрын

HI Gary, I had the same issue and it took me just a couple of clicks to solve it. First I have created a subdomain for VPN ( A record on public company DNS manager) VPN.MYCOMPANYSITE.COM which points to my Fortigate Public IP address. Make this works first. Then generate the CSR where the domain name will be VPN.MYCOMPANYSITE.COM. There are a lot of tutorials on how to generate CSR and Import them , for example : www.ssldragon.com/blog/how-to-install-an-ssl-certificate-on-fortigate/. I bought the cheapest SSL certificate and it works perfectly. ( just for domain validation). If you want fancy stuff, with SAN or VDOMS ... go with CLI

@sameerpervaiz3142 4 жыл бұрын

Hay Mate, I am working on 2FA with SSL VPN on Fortigate, I have done this with email and tokens, do you know is there a way to achieve third party 2FA with Fortigate device like Microsoft Authentication etc.

@rickguthier1037 4 жыл бұрын

@Adam Back I can confirm, we are doing this exactly. Authenticator App on phone, it works great. Note that if you do this, do not try to test from the GUI. It needs to be done from command line, it is a PAP/CHAP issue, I think from memory that the GUI is PAP only.

@jamesgerald4069 4 жыл бұрын

Just curious for smb’s who dont have static IP’s, can this be achieved with dynamic addresses? I had a 300a that I used dyndns to see cameras remotely, but never setup vpn. On the new 300D, those options aren’t available in the web gui anymore, only a fortinet dns.

@safeflight9189 4 жыл бұрын

Yes, same question here...but on a 60F.

@zachthatguy7391 2 жыл бұрын

you da man!

@Michaelg1108 3 жыл бұрын

Very very very helpful thank you so much!!!

@jeremypeterson8002 3 жыл бұрын

Awesome job! thanks Can you show how to point to a Hostname if using dual circuits

@hildicortes 3 жыл бұрын

I just want to say thank you for teaching¡

@MrDpatel62 2 жыл бұрын

hi nice videos ,,, can i ask can you setup a ssl site to site vpn I dont want to use ipsec ... does the fg40 support this type of vpn, thanks

@YogendraKumar-om8mp 3 жыл бұрын

can you upload latest firewall 600e with New version 7.0

@RobertGrøndahlWinther 3 жыл бұрын

This was brilliant and very usefull. Thanks a bunch.

@alejandroparrello6493 4 жыл бұрын

Thank you very much!! regards from Argentina!! 👏🏻👌

@FortinetGuru 4 жыл бұрын

You are welcome!

@NikolaNovkovicfelna 4 жыл бұрын

Keep up the great work!

@gdawwg1125 Жыл бұрын

bro how can you set it up so users can log in with their azure credentials

@DM-rc4yu 4 жыл бұрын

Very helpful, thanks man.

@stephenmunyiri719 3 жыл бұрын

Hello. The idle timeout for the SSL VPN usually fails. Changing the 300s time also has no effect. How can this be dealt with?

@omargomez4878 3 жыл бұрын

corrupted mac packet detected hello dear I present this error configuring vpn ipses any idea why this happens

@VijayaBaskarvvk 3 жыл бұрын

Hi I tried this after watching your video.. SSL VPN portal works without any problem.. but forticlient not establishing tunnel connection with remote gateway.. is there anything I need to check specifically??. Fyi, portal is set to full access...

@mahchanu4692 2 жыл бұрын

When I use GMS it's just a loud distortion soft what's up with that?

@tomislavfedek6678 3 жыл бұрын

is there an option to increase session time on forticlient ? Because, allways up options is not free. Not seems good to have a VPN that have a session time. For the real life scenarios, that make a lot of problems.

@netconfig999 5 ай бұрын

thanks you for sharing

@petermcdermott6379 3 жыл бұрын

Hi fortinet guru, for a v5.6.1 fortigate host check standalone, does it only check AV and firewall, or other things?

@MB-Informatique-fr 3 жыл бұрын

Thank you so much for this :D

@gregfurg 2 жыл бұрын

There is no "Firewall" under "Policy & Objects". Did it get moved? Currently running FortiOS 6.0.4(GA)

@FortinetGuru Жыл бұрын

You know they like to move things around. Making new videos this month and beginning to push them out.

@artixunited 2 жыл бұрын

Great stuff. Can you make a video on SSL Offloading in Fortigate Firewalls. Thanks in advance.

@waelrahhal5660 3 жыл бұрын

Hello, Thanks for your videos I want to know if this setup will work if my VPN Firewall/Router WAN connection is using 4G (SIM Card) keeping in mind that ISP provides only privet addresses (no real IP address) for devices connecting over 4G

@Desertedx 3 жыл бұрын

hello great videos i really like them! do you know which version is the most stable right now for example 61F? we are thinking about going for 6.4.6 but i can't find relevant information on the internet for firmware recommendations...

@eyalmitrani2432 3 жыл бұрын

great tutorial man thank you

@enverhassim5157 4 жыл бұрын

I need to deploy the Forti VPN client to a few hundred laptops via GPO. Previously (v6) i used a Forticonfigurator to create an MST with custom settings i.e. remote gateway address, custom port, etc. The Forticonfigurator only supports up to version 6. Any ideas on how best to customize the installer for newer version?

@bravealikhan 2 жыл бұрын

Hi, Thanks for the Video, for remote gateway we need a Public IP Address right ? or in order to connect FortiGate VPN we need a Public IP address ?

@rosatechnocrat 2 жыл бұрын

It can be public or private.. Depends on how your network is connected....

@satyanarayanaduvvala8321 3 жыл бұрын

Hi Sir, Thank you for the video. Could we have multiple DNS Servers for the VPN Users. I see only one option to select one Primary DNS and Secondary DNS in SSL VPN Settings. Is there any other option having VPN users of different portals to have multiple DNS Settings.

@jayeshmagan2870 4 жыл бұрын

HiMate LOVE YOUR VIDEOS. do you have a video on site to site vpn with overlapping subnet between sites?

@carltonlandry1972 4 жыл бұрын

Nice tutorial, Great job

@javierthewish 3 жыл бұрын

Thank you for this video. Does it make sense that my users are have to connect after 8 hours of use? Do I need some sort of license to avoid that? Thank you.

@FortinetGuru 3 жыл бұрын

8 hours is the time limit you have set for a connection.

@brylleflores8855 4 жыл бұрын

Hi I really enjoyed watching your videos keep it up (Y) In the near future we love to have a video that explains the different subscription options for fortigate and how to know if it is the right subscription for us . Or do we need those types of subscriptions in our environment. If you have time and available. thank you More power Fortiguru

@GurmeetSingh-rq9jm 3 жыл бұрын

Hi...network speed automatically slow down when i login to SSL VPN. Before login in to VPN speed is good. please suggest what to do

@jenyap9115 2 жыл бұрын

I was using 80C, 90D. Was told that support for firmware will cease this yr for 80c. maybe next year 90D. which model will you recommend for replacement if these are going to be out of support? Thank you!

@denverphotopro 4 жыл бұрын

Thank you. Very helpful.

@muikac 2 жыл бұрын

Hello dude, i have one question...i need to connect 300 users via vpn to access my web app, but i have only small Fortinet 60F. Is it possible to use 60F for that number of VPN users (SSL VPN). They will not be concurrent connected to my system, only as needed. Thanks in advance for answer and i have to tell you that your channel is my favorite one.

@renhe108 2 жыл бұрын

The concurrent user limit is 200

@FortinetGuru 2 жыл бұрын

Ya gonna need a bigger box.

@ducpham8914 3 жыл бұрын

I have problem with error -12 when connect reach 80% . How to fix

@briant3261 3 жыл бұрын

VPN connects but then how do you remote access the computer at a different site? Tried RDP but kept failing??? I'm so confused on the final step that no one is ever explaining..

@moshmoshwah7123 3 жыл бұрын

i did the same but idid not get my office ip , so i cant access software

@tomrubino77 4 жыл бұрын

Really looking to get the SAML auth working on SSL VPN. Even Fortinet support doesn't really know it yet. Has anyone been able to get SAML working with Google or Azure?

@efrainlopez8348 2 жыл бұрын

Buen día, realice la configuración y me da acceso solo con datos, con wifi me marca error de DNS, a que se debe este errror?

@FastRedPonyCar 3 жыл бұрын

Does fortigate still offer a pure SSL VPN only client or do you have to use the forticlient with the AV and malware stuff built in? Or if that's the question, would it be better to just use the web portal to connect?

@FortinetGuru 3 жыл бұрын

They do. 7.0 has a vpn only portion

@InformationTechnology-g9z Жыл бұрын

SIR CAN WE CREATE A VIDEO IN VPN USER NOT WORKING IN 10 MINUTES AFTER VPN AUTO DISCONNECT POLICY CREATED NOTIFICATION ON MY PC

@da5731. 4 жыл бұрын

Helpful, appreciated!

@WadleyMatt Жыл бұрын

I have ab issue that requ me to upgrade the fortieth client to 7.05 but it does not allow the connect vpn first option so what would you recommend

@FortinetGuru Жыл бұрын

FortiClient version needs to be kept current with latest vulnerabilities being announced. FortiGate's as well. If you are running current on each you can troubleshoot from there.

@aymenzitouni6539 4 жыл бұрын

Hi, Think you for this video. Just one question, can we have a forticlient preconfigured, so our client doesn't have to enter remote Gateway etc. Install forticlient and then login password. Regards,

@FortinetGuru 4 жыл бұрын

With EMS you can configure profiles and include them in the distribution package

@tobibabatunde1377 4 жыл бұрын

Hi @Fortinet Guru, thanks for the video. I tried out the split tunneling, I could connect, but could not pass traffic through to my LAN and I have a policy for my LAN. Kindly help

@EverythingEvo 4 жыл бұрын

You literally barely gave any information here. What troubleshooting have you done? If any.

@samelrashedy6901 2 жыл бұрын

once I have configured the VPN, I cannot login into Fortigate web interface using my admin login! I can only login into the VPN using the VPN user? it gives me access denied.

@FortinetGuru 2 жыл бұрын

Your SSLVPN port and your HTTPS administration port is overlapping. Login to the device from the inside IP and you can update the admin port to be something other than 443

@MHALAPOW 4 жыл бұрын

Thanks, very useful

@rhdtv2002 3 жыл бұрын

The ISP speed is cut drastically with SSL VPN..any idea why? I get about 400mbps at home without VPN but with SSL VPN..I get around 50mbps..

@FortinetGuru 3 жыл бұрын

What is the remote end capable of upload / download wise?

@Q80Warlock 4 жыл бұрын

Do the trial VM's have limitation on Forticlient VPN because it works on web but doesn't work when connecting with the client. Debug shows session disconnects while negotiating SSLv3/Tlsv ?

@neochrisone 4 жыл бұрын

Hi, you have any respons?

@Q80Warlock 4 жыл бұрын

@@neochrisone it doesn’t work in trial

@chuclater7121 2 жыл бұрын

I know this is a random question but is there a standalone VPN installer?? I just tried to install the free version and it is so slow to download the image!!

@FortinetGuru 2 жыл бұрын

I have only ever used the free one or the one within the support portal for various firmware versions