FORTIGATE - how to test SSLVPN?

Eprs_Admin
Hi Experts,

I have set up new networks on my FORTIGATE and SSLVPN.
How can I test this VPN?
Can I test it with an IPAD or ANDROID smartphone?
I'm going to assume you've followed the cookbook for setting up SSL and have the appropriate policies in place.

The SSL VPN is pretty easy to test: get a laptop and head to Starbucks, and bring an Android/iPhone.

I'll assume you've followed the instructions and have uploaded a cert for whatever FQDN you're using.  You can see what IP addresses are listening if you go to VPN->SSL->Settings and right under the "listen on port" box you'll see the listener.

Get external, and go to that address.  For example: https://vpn.testcompany.com (if you have a cert and external DNS) or https://1.1.1.1 if you just want to test via IP address.

This will prompt you to install a plugin. Once that's done, relaunch your browser or find the FortiGate SSL VPN client installed on the box.  Enter the username/password you set up under the portal and hit connect.

The phones are easier: just download the FortiClient VPN from either app store (note: certain older Android and iOS versions simply will not work), enter the same address as above and your credentials, and hit 'connect'. That's all there is to it.  You can verify the tunnel is working via whatever firewall rules you have enabled for the tunnel IP range you assigned to that particular portal.
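
The external check described in this answer can also be scripted. The following is an added example, not part of the original answer or of any Fortinet tooling: it connects to the listener from outside, verifies the certificate for the address used, and reports whether the same certificate would also validate for the other address form (FQDN versus bare IP). The function names are hypothetical, `vpn.testcompany.com` and `1.1.1.1` are the answer's own sample values, and name matching is assumed to use subjectAltName entries only.

```python
import ipaddress
import socket
import ssl


def _dns_match(pattern, host):
    # A wildcard is honoured only as the whole leftmost label ("*.example.com").
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and bool(h[0]) and p[1:] == h[1:]
    return p == h


def san_covers(cert, target):
    """True if a cert dict in ssl.getpeercert() format is valid for target."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None  # target is a DNS name, not an IP literal
    for kind, value in cert.get("subjectAltName", ()):
        if ip is not None and kind == "IP Address":
            if ipaddress.ip_address(value.strip()) == ip:
                return True
        elif ip is None and kind == "DNS" and _dns_match(value, target):
            return True
    return False


def check_listener(target, port=443, alternates=(), timeout=5.0):
    """Connect from an external network; report TCP, TLS and name coverage."""
    result = {"tcp": False, "tls_verified": False, "detail": "", "alternates": {}}
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    try:
        with socket.create_connection((target, port), timeout=timeout) as sock:
            result["tcp"] = True
            with ctx.wrap_socket(sock, server_hostname=target) as tls:
                cert = tls.getpeercert()
                result["tls_verified"] = True
                result["detail"] = tls.version()
                result["alternates"] = {a: san_covers(cert, a) for a in alternates}
    except ssl.SSLCertVerificationError as exc:
        result["detail"] = exc.verify_message  # e.g. name mismatch, untrusted CA
    except OSError as exc:
        result["detail"] = str(exc)  # refused, timed out, DNS failure
    return result
```

Run from outside the network, `check_listener("vpn.testcompany.com", 443, alternates=["1.1.1.1"])` shows `tcp` true with `tls_verified` false when the listener is reachable but the uploaded certificate does not validate for the name used, and the `alternates` entry shows whether a test by bare IP would validate against the same certificate.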
btan, Exec Consultant
Distinguished Expert 2018
Commented:
Though this short brief is not for iOS or Android, it is similar, since they will still use FortiClient apps. It is a short SSL VPN setup covering the following:
1. Creating a VPN portal with custom bookmarks (easier user access to internal resources)
2. Creating a user and user group (user auth identity within group via local/RADIUS/LDAP)
3. Configuring the VPN tunnel (interface and mapping user to portal access)
4. Creating security policies (allow internal access and internet access)
http://cookbook.fortinet.com/ssl-vpn-windows-phone-8-1/

Likewise, for the notebook version with RADIUS, you can check out this one; it uses the same step strategy, but the key is to perform a RADIUS connectivity test from the FortiGate (e.g. by clicking Test Connectivity), and the client is the notebook version. Note that it uses MS-CHAPv2 (userid/pass).
http://cookbook.fortinet.com/ssl-vpn-radius-authentication/
Eprs_Admin, System Architect (Author)
Commented:
The test from external was OK.
