What’s new in FortiOS Version 4.0 MR1 SSL VPN enhancements
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/
IP address ranges are now defined as firewall addresses
In FortiOS 4.0 MR1, several IP address ranges for tunnel mode SSL VPNs are defined
using firewall addresses, and you can specify multiple ranges:
Tunnel IP ranges
In the tunnel widget configuration, the start-ip and end-ip keywords have been
removed. Instead, you specify one or more firewall addresses using the new ip-pools
keyword, like this:
config vpn ssl web portal
    edit <portal_name>
        config widget
            edit <widget_id>
                set name <name_str>
                set type tunnel
                set ip-pools ip_pool1 ip_pool2
        end
end
You define ip_pool1 and ip_pool2 using the config firewall address
command. Only range and subnet address types are allowed.
Split tunnel IP ranges
Use the new split-tunneling-routing-address keyword to specify one or more ranges of IP
addresses that are reached through the SSL VPN, like this:
config vpn ssl web portal
    edit <portal_name>
        config widget
            edit <widget_id>
                set name <name_str>
                set type tunnel
                set split-tunneling enable
                set split-tunneling-routing-address ip_pool1 ip_pool2
        end
end
You define ip_pool1 and ip_pool2 using the config firewall address
command. Only range and subnet address types are allowed.
Tunnel mode client address ranges
In the SSL VPN settings, the tunnel-startip and tunnel-endip keywords have
been removed. Instead, use the new tunnel-ip-pools keyword to define one or
more ranges of IP addresses reserved for remote clients:
config vpn ssl settings
    set tunnel-ip-pools ip_pool1 ip_pool2
end
You define ip_pool1 and ip_pool2 using the config firewall address
command. Only range and subnet address types are allowed.
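The three changes above can be checked against a saved configuration before or after an upgrade. The following is an added example, not part of the Fortinet guide: a hypothetical audit() function that flags the removed keywords and any pool reference that is not a range or subnet firewall address. It assumes the CLI type names ipmask (subnet, the default) and iprange, and runs on a constructed sample config.

```python
# Keywords the page lists as removed, keyed by the config section they lived in.
REMOVED = {"widget": {"start-ip", "end-ip"},
           "vpn ssl settings": {"tunnel-startip", "tunnel-endip"}}
POOL_KEYS = {"ip-pools", "split-tunneling-routing-address", "tunnel-ip-pools"}
# Assumption: subnet addresses are type "ipmask" (the default), ranges "iprange".
ALLOWED_TYPES = {"ipmask", "iprange"}

def audit(config_text):
    """Return findings for removed keywords and invalid pool references."""
    stack, entry = [], None  # open config sections; name of the current edit
    addr_types, refs, findings = {}, [], []
    for n, raw in enumerate(config_text.splitlines(), 1):
        words = raw.replace('"', "").split()
        cmd = words[0] if words else ""
        if cmd == "config":
            stack.append((" ".join(words[1:]), entry))
            entry = None
        elif cmd == "edit" and len(words) > 1:
            entry = words[1]
            if stack and stack[-1][0] == "firewall address":
                addr_types[entry] = "ipmask"  # default until "set type" is seen
        elif cmd == "end" and stack:
            entry = stack.pop()[1]  # return to the enclosing edit, if any
        elif cmd == "set" and len(words) > 2 and stack:
            section, key, vals = stack[-1][0], words[1], words[2:]
            if section == "firewall address" and key == "type":
                addr_types[entry] = vals[0]
            elif key in REMOVED.get(section, ()):
                findings.append(f"line {n}: {key} was removed in 4.0 MR1")
            elif key in POOL_KEYS:
                refs += [(n, key, v) for v in vals]
    for n, key, name in refs:  # resolved last, so definition order does not matter
        kind = addr_types.get(name)
        if kind is None:
            findings.append(f"line {n}: {key}: {name} is not a firewall address")
        elif kind not in ALLOWED_TYPES:
            findings.append(f"line {n}: {key}: {name} is type {kind}, not range or subnet")
    return findings

# Constructed sample config, not taken from a real device.
SAMPLE = "\n".join([
    "config firewall address", "edit ip_pool1", "set type iprange",
    "set start-ip 10.254.254.10", "set end-ip 10.254.254.50", "next",
    "edit portal_host", "set type fqdn", "set fqdn vpn.example.com", "end",
    "config vpn ssl settings", "set tunnel-startip 10.254.254.10",
    "set tunnel-ip-pools ip_pool1 ip_pool2", "end",
    "config vpn ssl web portal", "edit portal1", "config widget", "edit 1",
    "set type tunnel", "set ip-pools ip_pool1 portal_host", "end", "end"])
print("\n".join(audit(SAMPLE)))
```

The start-ip and end-ip keywords are only flagged inside a widget, because they remain valid when defining a range-type firewall address.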