Creating security policies
Create an SSL VPN security policy with SSL VPN user authentication to allow SSL VPN traffic to enter the FortiGate unit. Create a normal security policy from ssl.root to wan1 to allow SSL VPN traffic to connect to the Internet.
1. Go to Policy > Policy > Policy and select Create New.
2. Select the Policy Type of VPN and the Policy Subtype as SSL-VPN.
3. Complete the following:
Incoming Interface | wan1 |
Remote Address | all |
Local Interface | internal |
Local Protected Subnet | Head office server |
4. Under Configure SSL-VPN Authentication Rules select Create New to add an authentication rule for the remote user:
Group(s) | Tunnel |
Service | ALL |
Schedule | always |
5. Select OK.
Add a security policy that allows remote SSL VPN users to connect to the Internet.
6. Select Create New.
7. Leave the Policy Type as Firewall and leave the Policy Subtype as Address.
8. Complete the following and select OK:
Incoming Interface | ssl.root |
Source Address | all |
Outgoing Interface | wan1 |
Destination Address | all |
Schedule | always |
Service | ALL |
Action | ACCEPT |
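To confirm from a configuration backup that both policies from the steps above are present, the following added example (not part of the original page or of Fortinet's tooling) parses a policy export and reports whichever of the two is missing. The sample export is constructed, and its keywords are assumed to follow FortiOS 5.0-style CLI output; the function names and the `auth.` key prefix are hypothetical.

```python
import shlex

# Constructed sample in the style of a FortiOS 5.0 CLI policy export.
# Keywords are an assumption; adjust them to match your firmware's output.
SAMPLE = '''
config firewall policy
    edit 1
        set srcintf "wan1"
        set dstintf "internal"
        set dstaddr "Head office server"
        set action ssl-vpn
        config identity-based-policy
            edit 1
                set groups "Tunnel"
            next
        end
    next
    edit 2
        set srcintf "ssl.root"
        set dstintf "wan1"
        set action accept
    next
end
'''

def parse_policies(text):
    """Return {policy_id: settings}; authentication-rule settings get an 'auth.' prefix."""
    policies, current, depth = {}, None, 0
    for raw in text.splitlines():
        tok = shlex.split(raw) or [""]
        depth += {"config": 1, "end": -1}.get(tok[0], 0)
        if tok[0] == "edit" and depth == 1:
            current = policies.setdefault(tok[1], {})
        elif tok[0] == "set" and current is not None:
            key = tok[1] if depth == 1 else "auth." + tok[1]
            current[key] = tok[2:]
    return policies

def missing_policies(policies):
    """Names of the two policies described above that no entry in the export matches."""
    want = {
        "ssl-vpn in": {"srcintf": ["wan1"], "dstintf": ["internal"],
                       "action": ["ssl-vpn"], "auth.groups": ["Tunnel"]},
        "ssl.root to wan1": {"srcintf": ["ssl.root"], "dstintf": ["wan1"],
                             "action": ["accept"]},
    }
    return [name for name, req in want.items()
            if not any(all(p.get(k) == v for k, v in req.items())
                       for p in policies.values())]
```

`missing_policies(parse_policies(SAMPLE))` returns an empty list when both policies are found.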