Creating security policies
Create an SSL VPN security policy with SSL VPN user authentication to allow SSL VPN traffic to enter the FortiGate unit. Create a normal security policy from ssl.root to wan1 to allow SSL VPN traffic to connect to the Internet.
1. Go to Policy > Policy > Policy and select Create New.
2. Select the Policy Type as VPN and the Policy Subtype as SSL-VPN.
3. Configure the following settings to add the SSL VPN security policy:
Incoming Interface | wan1 |
Remote Address | all |
Local Interface | ssl.root |
Local Protected Subnet | all |
4. Select Create New for Configure SSL-VPN Authentication Rules and add an authentication rule for the remote user:
Selected User Groups | Tunnel |
Selected Services | All |
Schedule | always |
SSL-VPN Portal | tunnel-access |
5. Select OK.
6. Select Create New to add a security policy that allows remote SSL VPN users to connect to the Internet.
7. Leave the Policy Type as Firewall and leave the Policy Subtype as Address, then configure the following settings:
Incoming Interface | ssl.root |
Source Address | all |
Outgoing Interface | wan1 |
Destination Address | all |
Schedule | always |
Service | ALL |
Action | ACCEPT |
8. Select OK.
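To confirm the result of the steps above from a configuration backup, the following added example (not Fortinet code) parses the nested config/edit/set blocks and checks that the SSL VPN policy has a user group and portal bound, and reports the ssl.root to wan1 policy as any-to-any. The sample excerpt is constructed and abbreviated, and the key names it uses (srcintf, identity-based-policy, groups, sslvpn-portal and so on) are assumed to match the CLI of the FortiOS release in use.

```python
import shlex

# Constructed, abbreviated backup excerpt mirroring the two policies above (key names assumed).
SAMPLE = """
config firewall policy
  edit 1
    set srcintf "wan1"
    set dstintf "ssl.root"
    set action ssl-vpn
    config identity-based-policy
      edit 1
        set groups "Tunnel"
        set sslvpn-portal "tunnel-access"
      next
    end
  next
  edit 2
    set srcintf "ssl.root"
    set dstintf "wan1"
    set srcaddr "all"
    set dstaddr "all"
    set action accept
    set service "ALL"
  next
end
"""

def parse(text):
    """Turn nested config/edit/set blocks into dicts; each 'set' value is a token list."""
    stack = [{}]
    for line in text.splitlines():
        tok = shlex.split(line) or [""]          # blank lines become a no-op token
        if tok[0] in ("config", "edit"):
            stack.append(stack[-1].setdefault(" ".join(tok[1:]), {}))
        elif tok[0] == "set" and len(tok) > 1:
            stack[-1][tok[1]] = tok[2:]
        elif tok[0] in ("next", "end") and len(stack) > 1:
            stack.pop()
    return stack[0]

def review(text):
    """Map policy id -> findings: unbound SSL VPN auth rule, or any-to-any from ssl.root."""
    out = {}
    for pid, p in parse(text)["firewall policy"].items():
        rules = list(p.get("identity-based-policy", {}).values())
        bound = bool(rules) and all(r.get("groups") and r.get("sslvpn-portal") for r in rules)
        wide = all((p.get(k) or [""])[0].lower() == "all" for k in ("srcaddr", "dstaddr", "service"))
        out[pid] = (["no user group/portal bound"] if p.get("action") == ["ssl-vpn"] and not bound else
                    ["any-to-any for VPN users"] if p.get("srcintf") == ["ssl.root"] and wide else [])
    return out
```

Calling `review(SAMPLE)` returns an empty finding list for policy 1 and the any-to-any note for policy 2, which is the policy to narrow if remote users do not need unrestricted Internet access.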