Name | The name for the portal. |
Enable Tunnel Mode | If your web portal provides tunnel mode access, you need to configure the Tunnel Mode widget. These settings determine how tunnel mode clients are assigned IPv4 addresses. |
Enable Split Tunneling | Select so that the VPN carries only the traffic for the networks behind the FortiGate unit. The user’s other traffic follows its normal route. |
Source IP Pools | Select an IPv4 Pool for users to acquire an IP address when connecting to the portal. There is always a default pool available if you do not create your own. |
Enable IPv6 Tunnel Mode | If your web portal provides tunnel mode access, you need to configure the Tunnel Mode widget. These settings determine how tunnel mode clients are assigned IPv6 addresses. |
Enable IPv6 Split Tunneling | Select so that the VPN carries only the traffic for the networks behind the FortiGate unit. The user’s other traffic follows its normal route. This applies only to IPv6 tunnels. |
Source IPv6 Pools | Select an IPv6 Pool for users to acquire an IP address when connecting to the portal. There is always a default pool available if you do not create your own. |
Client Options | These options affect how the FortiClient application behaves when connected to the FortiGate VPN tunnel. When enabled, a check box for the corresponding option appears on the VPN login screen in FortiClient, and is not enabled by default. Save Password - When enabled, if the user selects this option, their password is stored on the user’s computer and will automatically populate each time they connect to the VPN. Auto Connect - When enabled, if the user selects this option, when the FortiClient application is launched, for example after a reboot or system startup, FortiClient will automatically attempt to connect to the VPN tunnel. Always Up (Keep Alive) - When enabled, if the user selects this option, the FortiClient connection will not shut down. When not selected, during periods of inactivity, FortiClient will attempt to stay connected every three minutes for a maximum of 10 minutes. |
Enable Web Mode | Select to enable web mode access. |
Portal Message | This is a text header that appears on the top of the web portal. |
Theme | A color styling specifically for the web portal. |
Page Layout | Select one column or two column layouts for the widgets that appear on the web portal page. |
Include Status Information | Select to display the Status Information widget on the portal page. The Status Information widget displays the login name of the user, the amount of time the user has been logged in, and the inbound and outbound traffic statistics. |
Include Connection Tool | Select to display the Connection Tool widget on the portal page. Use the Connection Tool widget to connect to a internal network resource without adding a bookmark to the bookmark list. You select the type of resource and specify the URL or IP address of the host computer. |
Include FortiClient Download | Select to include the FortiClient Download option in the web portal. This is enabled by default. |
Prompt Mobile Users to Download FortiClient Application | If a remote user is using a web browser to connects to the SSL VPN in web mode, they are prompted to download the FortiClient application. The remote user can accept or reject the notification. If the user accepts, they are redirected to the FortiClient web site. |
Include Login History | Select to include user login history on the web portal. |
Enable User Bookmarks | Select to include bookmarks on the web portal. Bookmarks are used as links to internal network resources. When a bookmark is selected from a bookmark list, a pop-up window appears with the web page. Telnet, VNC, and RDP require a browser plugin. FTP and Samba replace the bookmarks page with an HTML file-browser.See “Adding bookmarks”. |
Limite Users to One SSL-VPN Connection at a Time | You can set the SSL VPN tunnel such that each user can only log into the tunnel one time concurrently per user per login. That is, once logged into the portal, they cannot go to another system and log in with the same credentials again. This option is disabled by default. |
If your network configuration does not contain a default SSL VPN portal, you might receive the error message “Input value is invalid” when you attempt to access VPN > SSL > Portals. To enable a default portal - CLI: config vpn ssl settings set default-portal <full-access | tunnel-access | web-access> end |