SSL VPN

SSL VPN

Significant SSL VPN web portal improvements (287328, 292726, 299319)

Significant updates and improvements have been made to the SSL VPN web portal in preparation for future browser updates, and in order to support all browsers:

  • SSL VPN web portal redesigned.
  • SSL VPN tunnel mode widget no longer works in the web portal.The tunnel mode widget used a deprecated NPAPI plugin mechanism to send the tunnel client to the browser for local system execution—this is a popular exploitation vector. FortiClient is now required for tunnel mode SSL VPN.
  • SSL VPN Web mode RDP Native java applet removed.
  • Removed unnecessary options from RDP bookmark and changed to HTML5 RDP.
  • Cache cleaning function has been removed.

Implement post-authentication CSRF protection in SSL VPN web mode (287180)

This attribute can enable/disable verification of a referer in the HTTP request header in order to prevent a Cross- Site Request Forgery attack.

Syntax:

config vpn ssl settings

set check-referer [enable|disable]

end


Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

3 thoughts on “SSL VPN

  1. John Petersen

    In 5.4.1 is there any way to disable display of the “download forticlient” button? as there was in 5.2… They’ve removed the CLI option and there appears to be no GUI option either. As this is an end user interface, and users will be users, they get confused about the purpose of the button. Thanks!

    Reply
    1. Mike Post author

      The documentation definitely states that they removed it. I have not been able to tie down a way to remove it in 5.4.1 unfortunately. Fortinet hasn’t had an answer for me either.

      Reply

Leave a Reply to John Lee Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.