If you want to import a CA certificate, put the CA certificate on your TFTP server, then run the following command on the FortiGate. However, the CLI can import a CA certificate from a TFTP server.
It is easier to install the server certificate from the GUI.

To check that the server certificate is installed:

    show vpn certificate local server_certificate

If you want to import a p12 certificate, put the certificate server_certificate.p12 on your TFTP server, then run the following command on the FortiGate.

    execute vpn certificate local import tftp server_certificate.p12 p12

However, the CLI can import a p12 certificate from a TFTP server. The server certificate is used for encrypting SSL VPN traffic and will be used for authentication. Connect the Port1 interface to the internal network.

    config system interface
        edit "port1"
            set vdom "root"

    config firewall address
        edit "192.168.1.0"
            set subnet 192.168.1.0 255.255.255.0

Configure any remaining firewall and security options as desired.

    config system interface
        edit "wan1"
            set vdom "root"

Configure the internal interface and protected subnet.
Set schedule to always, service to ALL, and Action to Accept.
Set Destination Address to the internal protected subnet 192.168.1.0.
Set the Outgoing Interface to the local network interface so that the remote user can access the internal network.
Set the Source Address to all and Source User to sslvpngroup.
Incoming interface must be the SSL-VPN tunnel interface (ssl.root).
In this example: sslvpn certificate auth.
Create a new Authentication/Portal Mapping for group sslvpngroup mapping portal full-access.
Select Local PC and then select the certificate file.
Go to System > Certificates and select Import > CA Certificate.
In this example, it is used to authenticate SSL VPN users. The CA certificate is the certificate that signed both the server certificate and the user certificate.
The server certificate now appears in the list of Certificates.
If desired, you can change the Certificate Name.
Choose the Certificate file and the Key file for your certificate, and enter the Password.
Go to System > Certificates and select Import > Local Certificate.
Go to System > Feature Visibility and ensure Certificates is enabled.
Go to Firewall & Objects > Address and create an address for internet subnet 192.168.1.0.
Go to Network > Interface and edit the wan1.
Port1 interface connects to the internal network.
Configure the interface and firewall address.
The SSL VPN connection is established over the WAN interface. The WAN interface is the interface connected to the ISP.
This topic provides a sample configuration of SSL VPN that requires users to authenticate using a certificate.