İçeriğe geç

FORTIGATE SSL VPN KURULUM

Bilgi:

SSL VPN, Güvenli Yuva Katmanı (Secure Sockets Layer) protokolü ile çalışan ve Web tarayıcıları ile HTTPS (Hiper Metin Transferi Protokolü – Güvenli) protokolü üzerinden erişilebilen bir VPN çeşitidir.

SSL VPN ile aşağıdaki durumlar sağlanmış olur:

  • VPN ile bağlanmış olan tüm ağlar, sanki aynı ağdaymış gibi çalışır.
  • Merkez ve diğer lokasyonlar arasında merkezden yönetilebilir bir ağ yapısı sağlanmış olur.
  • Ağlardaki yerel ağ alt yapısı veya IP adresleri değişmeden, SSL teknolojisi ile güvenliği sağlanan bir veri iletim ortamı oluşur.
  • Yönetici tarafından erişim izinleri farklı olarak atanabilir ve böylece bazı kaynaklara erişim kısıtlanabilir. Erişimin kısıtlanabilir olması bir güvenlik önlemidir. Örneğin bir şirket, iş ortağının sadece hafta içi mesai saatleri içerinde ağ kaynaklarına erişim izni vermek isteyebilir. Böylelikle sistem hep kontrol altında tutulur. 
  • SSL VPN teknolojisi ile yapılabilecek genel uygulamalar içinde; e-posta, dosya paylaşımı, dosyalara uzaktan erişim ve uzaktan sistem yönetimi bulunur. 

Talimatlar:

1)SSL VPN PORTAL OLUŞTURMA;

İlk yapmamız gereken bir tane SSL VPN portalı oluşturmamız gerek veya var olan bir ssl vpn portalını da kullanabiliriz.

NOT: Routing Address’i Addresses policy’i oluşturduktan sonra bind ediyoruz.

VPN > SSL-VPN Portals > Create New(veya var olanı seç)

2) SSL VPN SETTİNGS OLUŞTURMA;

SSL VPN Portalımızı oluşturduktan sonra SSL VPN Settings’i oluşturmamız gerekiyor.

SSL VPN Setting’imizi oluştrurken SSL VPN yapacak kullanıcıları eklememiz gerekmektedir. Kullanıcıları User &Device > User Deifinition > Creat New diyerek ekleyebilirsiniz veya aşağıda da gözüktüğü üzere Creat New diyerek oluşturabilirsiniz.

VPN > SSL VPN Settings

Listen on İnterface: Dış bacağımız yani WAN

Listen on Port: SSL VPN için kullanacığınız port

Authentication/Portal Mapping: SSL VPN yapacak user veya user group’ları

3) ADDRESSES POICY OLUŞTURMA;

SSL VPN Portals ve Settings’i oluşturduktan sonra Addresses policy’i oluşturmamız gerek ve bu oluşturmuş olduğumuz Addresses policy’i SSL VPN Portals’a bind etmemiz gerekiyor.

POLICY & OBJECT > Addresses > Create New

4) IPv4 POLICY OLUŞTURMA;

Addresses policy’i oluşturduktan sonra bir adet “Local” için bir adet de “Wan” interface’leri için IPv4 Policy’i oluşturmamız gerekiyor.

POLICY & OBJECT >IPv4 Policy > Create New

5) MODEM’ DEN PORT AÇMA;

FortiGate üzerindeki bütün işlemleri gerçekleştirdikten sonra modemimizden FortiGate’ de belirlediğimiz portu açmamız gerekmektedir.

Dış Başlangıç Port: 10443

Dış Bitiş Port: 10443

İç Başlangıç Port: 10443

İç Bitiş Port: 10443

Yerel Kullanıcı: Firewall’umuzun ip address’ini yazıyoruz.

Tarih:FORTINETMakaleler

27 Yorum

  1. You’re so awesome! I do not believe I have read anything like that before.
    So good to find somebody with original thoughts on this subject matter.
    Really.. thank you for starting this up. This site is something that is needed on the web, someone with some originality!

  2. Pretty! This was a really wonderful post. Many thanks for providing these details.

  3. I do trust all of the ideas you’ve presented on your post. They’re really convincing and can definitely work. Nonetheless, the posts are very short for starters. Could you please lengthen them a little from next time? Thank you for the post.|

  4. Undeniably believe that which you said. Your favorite reason appeared to be on the internet the simplest thing to be aware of. I say to you, I certainly get irked while people consider worries that they plainly do not know about. You managed to hit the nail upon the top and also defined out the whole thing without having side-effects , people could take a signal. Will likely be back to get more. Thanks|

  5. It’s awesome designed for me to have a site, which is beneficial designed for my knowledge. thanks admin|

  6. I blog frequently and I genuinely thank you for your information. The article has really peaked my interest.
    I’m going to book mark your site and keep
    checking for new details about once per week.

    I subscribed to your RSS feed too.

  7. I constantly spent my half an hour to read this weblog’s posts everyday along with a mug of coffee.|

  8. When someone writes an post he/she keeps the idea of a user in his/her brain that how a user can understand it. Thus that’s why this paragraph is amazing. Thanks!|

  9. Asking questions are actually nice thing if you are not
    understanding anything completely, except this post gives fastidious understanding
    even.

  10. Excellent blog here! Also your website loads up very fast! What host are you using? Can I get your affiliate link to your host? I wish my site loaded up as quickly as yours lol|

  11. Hi! Would you mind if I share your blog with my zynga group? There’s a lot of people that I think would really enjoy your content. Please let me know. Cheers|

  12. Wonderful beat ! I would like to apprentice while you amend your website, how could i subscribe for a blog
    web site? The account helped me a acceptable deal. I had been a little bit acquainted of this your broadcast offered bright clear concept 0mniartist asmr

  13. Your style is very unique compared to other folks I’ve read stuff from.

    Thanks for posting when you have the opportunity, Guess I’ll just bookmark
    this web site. asmr 0mniartist

  14. I was curious if you ever considered changing the structure of your blog?
    Its very well written; I love what youve got to say. But maybe you could a little more in the
    way of content so people could connect with it better.
    Youve got an awful lot of text for only having 1 or two images.
    Maybe you could space it out better? asmr 0mniartist

  15. I appreciate, result in I found exactly what I was
    taking a look for. You’ve ended my 4 day lengthy hunt!
    God Bless you man. Have a nice day. Bye 0mniartist asmr

  16. Wow, awesome blog layout! How long have you been blogging for?

    you make blogging look easy. The overall look of your website is wonderful,
    as well as the content! 0mniartist asmr

  17. Link exchange is nothing else but it is only placing the other person’s weblog link on your
    page at proper place and other person will also do similar in support of you.

  18. I am regular reader, how are you everybody? This paragraph posted at this website is in fact nice.|

  19. Good post! We will be linking to this great content on our site.
    Keep up the great writing.

  20. Post writing is also a excitement, if you be familiar with then you can write if not it is difficult to
    write.

  21. Excellent blog here! Also your site loads up fast! What host are you
    using? Can I get your affiliate link to your host? I wish my site loaded up as
    fast as yours lol

  22. Good day! This is my 1st comment here so I just wanted to give a quick shout out and tell you I really enjoy reading
    through your articles. Can you recommend any other blogs/websites/forums that
    deal with the same subjects? Many thanks!

  23. I’ll right away grasp your rss feed as I can not to find your e-mail subscription hyperlink or e-newsletter service.
    Do you have any? Kindly allow me understand so that I may just subscribe.
    Thanks.

Bir cevap yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir