Creating the security policies
You need to define security policies to permit your SSL VPN clients, web-mode or tunnel-mode, to connect to the protected networks behind the FortiGate unit. Before you create the security policies, you must define the source and destination addresses to include in the policy. See “Creating the firewall addresses”.
Two types of security policy are required:
• An SSL VPN policy enables clients to authenticate and permits a web-mode connection to the destination network. In this example, there are two destination networks, so there will be two SSL VPN policies. The authentication ensures that only authorized users can access the destination network.
• A tunnel-mode policy is a regular ACCEPT security policy that enables traffic to flow between the SSL VPN tunnel interface and the protected network. Tunnel-mode policies are required if you want to provide tunnel-mode connections for your clients. In this example, there are two destination networks, so there will be two tunnel-mode policies.
To create the SSL VPN security policies - web-based manager:
1. Go to Policy & Objects > Policy > IPv4 and select Create New.
2. Enter the following information and click OK:
Incoming Interface | port1 |
Source Address | All |
Outgoing Interface | port2 |
Destination Address | Subnet_1 |
3. Select Create New.
4. Enter the following information:
Incoming Interface | port1 |
Source Address | All |
Outgoing Interface | port3 |
Destination Address | Subnet_2 |
5. Click OK.
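
The requirement above, that each destination network needs both an SSL VPN policy and a tunnel-mode ACCEPT policy, can be checked against a policy listing. The following Python check is an added example, not part of the original page or of Fortinet's tooling; it also flags policies whose destination is wider than the protected subnets. Assumptions: the pipe-separated export format, the sample rows, the "SSL-VPN" action label, and ssl.root as the name of the SSL VPN tunnel interface.

```python
from collections import namedtuple

Policy = namedtuple("Policy", "srcintf srcaddr dstintf dstaddr action")

WAN_IF = "port1"        # interface the SSL VPN clients connect to (from the page)
TUNNEL_IF = "ssl.root"  # ASSUMPTION: name of the SSL VPN tunnel interface
PROTECTED = {"Subnet_1": "port2", "Subnet_2": "port3"}  # address -> interface (from the page)

# Constructed sample export, one policy per row (hypothetical format):
# srcintf | srcaddr | dstintf | dstaddr | action
SAMPLE = """
port1    | All | port2 | Subnet_1 | SSL-VPN
port1    | All | port3 | Subnet_2 | SSL-VPN
ssl.root | All | port2 | Subnet_1 | ACCEPT
ssl.root | All | port3 | All      | ACCEPT
"""

def parse_policies(text):
    """Parse pipe-separated rows into Policy tuples; reject malformed rows."""
    policies = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        row = raw.strip().strip("|")
        if not row or row.startswith("#"):
            continue
        fields = [f.strip() for f in row.split("|")]
        if len(fields) != len(Policy._fields):
            raise ValueError(f"line {lineno}: expected 5 fields, got {len(fields)}")
        policies.append(Policy(*fields))
    return policies

def audit(policies, protected=PROTECTED):
    """Return findings: required policies that are missing, destinations that are too broad."""
    findings = []
    # (label, required source interface, required action or None if not checked)
    required = (("SSL VPN", WAN_IF, None), ("tunnel-mode", TUNNEL_IF, "ACCEPT"))
    for subnet, iface in protected.items():
        for kind, src, action in required:
            ok = any(p.srcintf == src and p.dstintf == iface and p.dstaddr == subnet
                     and (action is None or p.action.upper() == action) for p in policies)
            if not ok:
                findings.append(f"missing {kind} policy: {src} -> {iface} ({subnet})")
    for p in policies:
        if p.srcintf in (WAN_IF, TUNNEL_IF) and p.dstaddr not in protected:
            findings.append(f"destination too broad: {p.srcintf} -> {p.dstintf} ({p.dstaddr})")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_policies(SAMPLE)):
        print(finding)
```

With the constructed sample, the fourth row is reported twice: Subnet_2 has no tunnel-mode policy of its own, and the policy that stands in for it reaches every address behind port3.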