SSL connection configuration
To configure the basic SSL VPN settings for encryption and login options, go to VPN > SSL > Settings.
Listen on Interface(s)
Select the interface that the FortiGate unit uses to listen for SSL VPN tunnel requests. This is generally your external interface.
Listen on Port
Enter the port number for HTTPS access.
Restrict Access
Select either Allow access from any host or Limit access to specific hosts. If you select the latter, you must specify the hosts.
Server Certificate
Select the signed server certificate to use for authentication. If you leave the default setting (Self-Signed), the FortiGate unit offers its factory-installed certificate from Fortinet to remote clients when they connect.
Require Client Certificate
Select to use group certificates for authenticating remote clients. When the remote client initiates a connection, the FortiGate unit prompts the client for its client-side certificate as part of the authentication process.
For information on using PKI to provide client certificate authentication, see the Authentication Guide.
Idle Logout
Type the period of time (in seconds) that the connection can remain inactive before the user must log in again. The range is from 10 to 28800 seconds. Setting the value to 0 will disable the idle connection timeout. This setting applies to the SSL VPN session. The interface does not time out when web application sessions or tunnels are up.
You can also set the authentication timeout for the client, to define how long the user can remain connected to the network. For information, see “Setting the client authentication timeout”.
Address Range
Select Specify custom IP ranges to choose the range or subnet firewall addresses that represent the IP address ranges reserved for tunnel-mode SSL VPN clients.
DNS Server
Enter up to two DNS servers (IPv4 or IPv6) to be provided for the use of clients.
Specify WINS Servers
Enable to access options for entering up to two WINS servers (IPv4 or IPv6) to be provided for the use of clients.
Allow Endpoint Registration
Select so that FortiClient registers with the FortiGate unit when connecting. If you configured a registration key by going to System > Config > Advanced, the remote user is prompted to enter the key. This only occurs on the first connection to the FortiGate unit.
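The limits stated above can be checked before a change is applied. The following is an added example, not Fortinet code: it reviews one settings record keyed by the field labels on this page. The dictionary layout, the "Hosts" key and the two policy warnings are assumptions of the example.

```python
import ipaddress

def review_ssl_vpn_settings(s):
    """Return (severity, field, message) findings for one settings record."""
    findings = []

    # Idle Logout: 0 disables the timeout, otherwise 10 to 28800 seconds.
    idle = s.get("Idle Logout")
    if idle == 0:
        findings.append(("warn", "Idle Logout", "idle timeout is disabled"))
    elif not isinstance(idle, int) or not 10 <= idle <= 28800:
        findings.append(("error", "Idle Logout", "must be 0 or 10-28800 seconds"))

    # DNS and WINS: up to two servers each, IPv4 or IPv6.
    for field in ("DNS Server", "Specify WINS Servers"):
        servers = s.get(field, [])
        if len(servers) > 2:
            findings.append(("error", field, "more than two servers"))
        for addr in servers:
            try:
                ipaddress.ip_address(addr)
            except ValueError:
                findings.append(("error", field, "not an IP address: " + addr))

    # Limiting access requires a host list ("Hosts" is a hypothetical key).
    access = s.get("Restrict Access")
    if access == "Limit access to specific hosts" and not s.get("Hosts"):
        findings.append(("error", "Restrict Access", "no hosts specified"))
    # The two warnings below are review policy chosen for this example.
    elif access == "Allow access from any host" and not s.get("Require Client Certificate"):
        findings.append(("warn", "Restrict Access",
                         "any host may connect and no client certificate is required"))
    if s.get("Server Certificate", "Self-Signed") == "Self-Signed":
        findings.append(("warn", "Server Certificate",
                         "factory-installed certificate is offered to clients"))
    return findings

# Constructed sample record (not taken from a real device).
SAMPLE = {
    "Restrict Access": "Allow access from any host",
    "Server Certificate": "Self-Signed",
    "Require Client Certificate": False,
    "Idle Logout": 5,
    "DNS Server": ["192.0.2.53", "2001:db8::53", "192.0.2.54"],
    "Specify WINS Servers": ["192.0.2.999"],
}

if __name__ == "__main__":
    for finding in review_ssl_vpn_settings(SAMPLE):
        print(*finding, sep=": ")
```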
See Also
Portal configuration
SSL VPN Realms
Adding bookmarks
Personal bookmarks
Tunnel mode and split tunneling
The Connection Tool widget