Chapter 16 SSL VPN for FortiOS 5.0: Basic Configuration: Configuring SSL VPN web portals
SSL connection configuration
To configure the basic SSL VPN settings for encryption and login options, go to VPN > SSL > Config.
IP Pools
Select Edit to select the range or subnet firewall addresses that represent IP address ranges reserved for tunnel-mode SSL VPN clients.
Server Certificate
Select the signed server certificate to use for authentication. If you leave the default setting (Self-Signed), the FortiGate unit offers its factory-installed certificate from Fortinet to remote clients when they connect.
Require Client Certificate
Select to use group certificates for authenticating remote clients. When the remote client initiates a connection, the FortiGate unit prompts the client for its client-side certificate as part of the authentication process.
For information on using PKI to provide client certificate authentication, see the Authentication Guide.
Encryption Key Algorithm
Select the algorithm for creating a secure SSL connection between the remote client web browser and the FortiGate unit. The choice depends on what the client's web browser can support.
The FortiGate unit supports a range of cryptographic cipher suites to match the capabilities of various web browsers. The web browser and the FortiGate unit negotiate a cipher suite before any information is transmitted over the SSL link.
Idle Timeout
Type the period of time (in seconds) that the connection can remain idle before the user must log in again. The range is from 10 to 28800 seconds. Setting the value to 0 will disable the idle connection timeout. This setting applies to the SSL VPN session. The interface does not time out when web application sessions or tunnels are up.
You can also set the authentication timeout for the client, to define how long the user can remain connected to the network. For information, see “Setting the client authentication timeout”.
Login Port
Enter the port number for HTTPS access.
Enable Endpoint Registration
Select so that FortiClient registers with the FortiGate unit when connecting. If you configured a registration key by going to System > Config > Advanced, the remote user is prompted to enter the key. This only occurs on the first connection to the FortiGate unit.
Advanced (DNS and WINS Servers)
Enter up to two DNS servers and/or two WINS servers to be provided for the use of clients.
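The following is an added example, not part of the original handbook or Fortinet's own tooling: a small offline check that reads the SSL VPN section of a saved configuration and flags the settings described above that weaken authentication or session handling (default Self-Signed server certificate, client certificates not required, idle timeout disabled or outside 10 to 28800 seconds). The CLI section and key names (config vpn ssl settings, servercert, reqclientcert, idle-timeout) and the literal value self-sign are assumptions about how these GUI options appear in a backup file; adjust them to match your unit's output.

```python
import re

# Constructed sample of a saved configuration section. The key names and the
# "self-sign" value are assumptions, not taken from this page.
SAMPLE = """\
config vpn ssl settings
    set sslvpn-enable enable
    set servercert "self-sign"
    set idle-timeout 0
    set port 10443
end
"""

def parse_settings(text, section="config vpn ssl settings"):
    """Return {key: value} for the 'set' lines of one flat config section."""
    settings, inside = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == section:
            inside = True
        elif inside and line == "end":
            break
        elif inside:
            m = re.match(r"set\s+(\S+)\s+(.*)$", line)
            if m:
                settings[m.group(1)] = m.group(2).strip().strip('"')
    return settings

def audit(settings):
    """Return sorted finding codes for the options this page describes."""
    findings = []
    # Server Certificate: a missing key is treated as the Self-Signed default.
    if settings.get("servercert", "self-sign") == "self-sign":
        findings.append("SERVERCERT_DEFAULT_SELF_SIGNED")
    # Require Client Certificate: treated as off unless explicitly enabled.
    if settings.get("reqclientcert", "disable") != "enable":
        findings.append("CLIENT_CERT_NOT_REQUIRED")
    # Idle Timeout: 0 disables it; any other value must be 10..28800 seconds.
    idle = settings.get("idle-timeout", "")
    if idle == "0":
        findings.append("IDLE_TIMEOUT_DISABLED")
    elif idle and not (idle.isdigit() and 10 <= int(idle) <= 28800):
        findings.append("IDLE_TIMEOUT_OUT_OF_RANGE")
    return sorted(findings)

if __name__ == "__main__":
    for code in audit(parse_settings(SAMPLE)):
        print(code)
```

The parser handles a flat section only; a section containing nested config blocks would need a depth counter before the first "end" is treated as the close.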