SSL VPN (5.6.1)

New SSL VPN features added to FortiOS 5.6.1.

Added a button to send Ctrl-Alt-Delete to the remote host for VNC and RDP desktop connections (401807)

Previously, users were unable to send Ctrl-Alt-Delete to the host machine in an SSL VPN remote desktop connection.

FortiOS 5.6.1 adds a new button that allows users to send Ctrl-Alt-Delete in remote desktop tools (also fixes 412456, preserving the SSL VPN realm after session timeout prompts a logout).

Improved SSL VPN Realms page (0392184)

Implemented minor functional changes to the dialog on the SSL VPN > Realms page:

- URL preview uses info message similar to that seen on the SSL VPN settings dialog.
- Virtual-Host input is now visible when set in the CLI.
- Added help tooltip describing what the virtual-host property does.

Customizable FortiClient Download URL in SSL VPN Web Portal (437883)

A new attribute, customize-forticlient-download-url, is added to vpn.ssl.web.portal.

The added attribute indicates whether to support a customizable download URI for FortiClient. This attribute is disabled by default. If enabled, two other attributes, windows-forticlient-download-url and macos-forticlient-download-url, will appear, through which the user can customize the download URI for FortiClient.

Syntax

config vpn ssl web portal
    edit <portal>
        set customize-forticlient-download-url {enable | disable}
        set windows-forticlient-download-url <custom URL for Windows>
        set macos-forticlient-download-url <custom URL for Mac OS>
    next
end

Added split DNS support for SSL VPN (434512)

Split DNS is now supported for SSL VPN. This feature allows you to specify which domains will be resolved by the DNS server specified by the VPN while all other domains will be resolved by the locally specified DNS.

This feature is useful in both Enterprise and MSP scenarios (when hosting multiple SSL VPN portals).

Syntax

config vpn ssl web portal
    edit <name>
        config split-dns-domains
            edit 1
                set domains "abc.com, cde.com"
                set dns-server1 192.168.1.1
                set dns-server2 192.168.1.2
                set ipv6-dns-server1 2000:2:3:4::5
                set ipv6-dns-server2 2000:2:3:4::6
            next
            …
        end
end
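
As an added illustration (not part of the original release notes and not Fortinet code), the Python example below parses a split-dns-domains stanza like the one above and reports which resolvers a given name would be sent to, which is a quick way to check that internal names stay inside the tunnel. The label-boundary suffix match, the portal name and the second entry (example.internal, 10.0.0.53) are assumptions made for the example.

```python
import shlex

# Constructed sample: the stanza from the syntax above plus a hypothetical
# second entry (example.internal / 10.0.0.53) to show multiple rules.
SAMPLE = '''
config vpn ssl web portal
    edit "full-access"
        config split-dns-domains
            edit 1
                set domains "abc.com, cde.com"
                set dns-server1 192.168.1.1
                set dns-server2 192.168.1.2
            next
            edit 2
                set domains "example.internal"
                set dns-server1 10.0.0.53
            next
        end
    next
end
'''

def parse_split_dns(text):
    """Return [(set_of_domains, [dns_servers])], one tuple per split-dns entry."""
    rules, entry, inside = [], None, False
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[:2] == ["config", "split-dns-domains"]:
            inside = True
        elif inside and tok[0] == "edit":
            entry = {"domains": set(), "servers": []}
        elif inside and tok[0] == "set" and entry is not None:
            if tok[1] == "domains":
                entry["domains"] = {d.strip().lower() for d in tok[2].split(",")}
            elif tok[1].startswith(("dns-server", "ipv6-dns-server")):
                entry["servers"].append(tok[2])
        elif inside and tok[0] == "next" and entry is not None:
            rules.append((entry["domains"], entry["servers"]))
            entry = None
        elif inside and tok[0] == "end":
            inside = False  # leave the stanza so other sub-configs are ignored
    return rules

def resolvers_for(name, rules, local_dns):
    """Assumed rule: exact or label-boundary suffix match goes to the VPN DNS."""
    name = name.lower().rstrip(".")
    for domains, servers in rules:
        if any(name == d or name.endswith("." + d) for d in domains):
            return servers
    return local_dns
```
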

Support SSL VPN function in browsers without plugins: Citrix/RDPNative/Port forward (437886)

Syntax

config vpn ssl web user-bookmark
    edit <name>
        config bookmarks
            edit "rdpnative"
                set apptype rdpnative
                set description "rdpnative"
                set host "172.16.68.188"
                set additional-params ""
                unset full-screen-mode
                set screen-height 768
                set screen-width 1024
            next
        end
    next
end

SSL VPN SSO Support for HTML5 RDP (417248)

This feature adds support for SSO from the SSL VPN portal to an RDP bookmark. If SSO is used, the credentials used to log in to SSL VPN will be automatically used when connecting to a remote RDP server.

Syntax

config vpn ssl web user-bookmark
    edit <name>
        config bookmarks
            edit <name>
                set apptype rdp
                set host "x.x.x.x"
                set port <value>
                set sso [disable | auto]
            next
        end
    next
end


About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
