Chapter 16 SSL VPN for FortiOS 5.0 : Basic Configuration : Configuring SSL VPN web portals : Portal configuration
  
Portal configuration
The portal configuration determines what the remote user sees when they log in to the portal. Both the system administrator and the user have the ability to customize the SSL VPN portal.
To view the portals settings page, go to VPN > SSL > Portal.
There are three pre-defined default web portal configurations available:
full-access
tunnel-access
web-access
Each web portal type include similar configuration options. Select between the different portals by selecting one from the drop-down list in the upper right corner of the window. You can also create a custom portal by selecting the plus sign next to the portal drop-down list.
Name
The name for the portal
Portal Message
This is a text header that appears on the top of the web portal.
Theme
A color styling for the web portal.
Page Layout
Select one or two column layouts for the widgets that appear on the web portal page.
Enable Tunnel Mode
If your web portal provides tunnel mode access, you need to configure the Tunnel Mode widget. These settings determine how tunnel mode clients are assigned IP addresses.
Enable Split Tunneling
Select so that the VPN carries only the traffic for the networks behind the FortiGate unit. The user’s other traffic follows its normal route.
IP Pools
Select an IP Pool for users to acquire an IP address when connecting to the portal. There is always a default pool available if you do not create your own.
Client Options
These options affect how the FortiClient application behaves when connected to the FortiGate VPN tunnel. When enabled, a check box for the corresponding option appears on the VPN login screen in FortiClient, and is not enabled by default.
Save Password - When enabled, if the user selects this option, their password is stored on the user’s computer and will automatically populate each time they connect to the VPN.
Auto Connect - When enabled, if the user selects this option, when the FortiClient application is launched, for example after a reboot or system startup, FortiClient will automatically attempt to connect to the VPN tunnel.
Always Up (Keep Alive) - When enabled, if the user selects this option, the FortiClient connection will not shut down. When not selected, during periods of inactivity, FortiClient will attempt to stay connected every three minutes for a maximum of 10 minutes.
Enable Web Mode
Select to enable web mode access.
Applications
Select the applications the user can access when connected over the VPN portal.
Include Session Info
Select to display the Session Information widget on the portal page. The Session Information widget displays the login name of the user, the amount of time the user has been logged in and the inbound and outbound traffic statistics.
Include Connection Tool
Select to display the Connection Tool widget on the portal page. Use the Connection Tool widget to connect to a internal network resource without adding a bookmark to the bookmark list. You select the type of resource and specify the URL or IP address of the host computer.
Include Bookmarks
Select to include bookmarks on the web portal. Bookmarks are used as links to internal network resources. When a bookmark is selected from a bookmark list, a pop-up window appears with the web page. Telnet, VNC, and RDP require a browser plug-in. FTP and Samba replace the bookmarks page with an HTML file-browser.See “Adding bookmarks”.
Prompt Mobile Users to Download FortiClient App
If a remote user is using web browser to connects to the SSL VPN in web mode they are prompted to download the FortiClient Application. The remote user can accept or reject the notification. If the user accepts, they are redirected to the FortiClient web site.
Allow Multiple Concurrent Sessions for Each User
You can set the SSL VPN tunnel such that each user can only log into the tunnel one time concurrently per user per login. That is, once logged into the portal, they cannot go to another system and log in with the same credentials again. To prevent multiple logins, clear the check box.
See Also
SSL connection configuration
Custom login screen
Adding bookmarks
Personal bookmarks
Tunnel mode and split tunneling
The Connection tool widget