This document provides an overview of the features included in FortiOS 5.2, including IPsec and SSL VPN capabilities, SSL offloading and inspection, and virtual desktop features for SSL VPN. Key capabilities mentioned are IPsec and SSL VPN configurations, customizable SSL VPN portals, application control and host checking for virtual desktops, and SSL traffic inspection options. Contact information is also provided for certified experts in Fortinet products.

1. © Copyright Fortinet Inc. All rights reserved.
Inside FortiOS VPN
Versione 5.2.4 – Mar 2015
Lan & Wan Solutions – Soluzioni Informatiche per Reti Locali e Geografiche

2. 2
FortiOS Features

3. 3
FortiOS 5.2 Feature Set
ATP OSS Support AAA Central Mgmt. Integrations
Configuration Visibility Log & Report Diagnostics Management
Anti-Malware IPS
Application
Control
Web
Filtering
Email Filtering
Firewall VPN DLP
User & Device
Identity
SSL inspection Security Functions
Wireless
Controller
Switch
Controller
Endpoint
Manager
Token Server
Vulnerability
Scanner Extensions
:::::::::: Virtual Domains :::::::::: Virtual Systems
Routing NAT/CGN WAN Link / Server LB Wan Optimization
Network Functions
L2/Switching IPv6 QoS High Availability
NAT/Route Transparent Sniffer Operating Modes
LAN WiFi WAN Network Interface
Physical Appliance (+ASICS) Hypervisor Cloud Platform
* Features may varied by models

4. 4
Overview VPN
IPSEC VPN
 Standard Based Protocol Support
 Policy and route based configurations
 Hub-and-Spoke, mesh VPN
architectures
 Redundant tunnels
 Spilt Tunneling
 Remote VPN with FortiClient
 VPN Wizard
SSL VPN
 Web and Tunnel Mode
 Customizable Portal with bookmarks
 Virtual Desktop & Host Check
Other VPN Features
 L2TP (Microsoft) & GRE
 Hardware Acceleration*
 No Additional Licenses required
 Integrates with UTM functions
protects Internal resources
against remote traffic
SSL VPN Portal
*applicable to supported models

5. 5
Wizard
 Step-by-step Guided IPSEC
configurations
» Custom defined
» Predefined Templates
 Covers authentication &
Network settings
» No need to create separate
phase1 objects for different user
groups as authorization is
handled by Firewall policy
IPSEC VPN

6. 6
Web Application Mode
• Support via Java
Applets
• Limited application
support: HTTP/HTTPS,
FTP, SMB/CIFS,
TELNET, SSH, VNC,
RDP, Citrix
• Ease of use
Access Modes
Tunnel Mode
• Support via SSL VPN
Client, requires
download & install
• Unlimited L3 application
support
SSL VPN
Port Forward Mode
• Support via Java
Applets
• Extends applications
supported by web
application mode
• Does not need admin
privilege to install and
run

7. 7
SSL VPN Portal
Customized header,
logo, themes and page
layout
Customized Widgets
Tunnel Mode Widget
SSL VPN
Web Mode bookmarks
Session Stats and status

8. 8
SSL VPN Portal
User group based portal access
 Ability for MSP to create and set different portal access without using
VDOMs
» URL path (i.e. suffix to bind to), Max concurrent users, Custom login page
 Custom login profile selection on per SSL VPN usergroup policy
SSL VPN
https://sslvpn/customerA/ https://sslvpn/customerB/

9. 9
Virtual Desktop
 CLI Command
 Available for Windows terminals only
SSL VPN
Application Control:
• Controls which applications
users can run on their virtual
desktop.
• By creating a list of either
allowed or blocked applications
which you then select when you
configure the virtual desktop.
• Application Definitions is by
MD5 Signatures
Host Check:
• Enforces the client’s use of
antivirus or firewall software,
• Offers predefined list which can be
edited
• Customized applications can be
added with globally unique
identifier (GUID)
• Windows patch check (on CLI only)
allows admin to define the
minimum Windows version and
patch level allowed
» Supports Windows 2000, XP,
Vista & 7
File Access:
• Completely isolates the SSL VPN
session from the client
computer’s desktop environment
• All data is encrypted, including
• cached user credentials
• browser history
• cookies
• temporary files and user files
created during the session.
• When the SSL VPN session ends
normally, the files are deleted.

10. 10
Single Sign-on
 Available on Admin defined
Web-Mode HTTP/HTTPS
bookmarks
 Allow user to log into the SSL
VPN without having to enter
any more credentials to visit
preconfigured website
 2 Modes:
» Automatic - Use user’s SSL
VPN credentials for login
» Static - Fill in the login
credentials as defined by
specified field name
SSL VPN

11. 11
Overview SSL Offloading & Inspection
SSL Offloading
 SSL Offloading for WANOPT & reverse
web caching
 SSL Offloading for SLB
SSL Inspection
 Facilitate UTM on SSL encrypted
applications
 “SSL Cert Inspection” and “Full SSL
Inspection” modes
 Intercept and proxy SSL
encrypted Traffic for UTM for
more security
 SSL offloading from web servers
to economical secure web
access offering
SSL Inspection Option

12. 12
Overview
SSL Inspection Exemptions
 Allows admin to build exclusion list using
» Web Categories with defaults
» (Destination) Address Object - FQDN or IP addresses
 Applicable to both “SSL Cert Inspection” and “Full SSL Inspection”
modes
SSL Offloading & Inspection

13. 13
Contattaci Gratuitamente …
Certified experts in Fortimail and email
security
Certified experts in Fortiweb and web
application firewall protection
Certified experts in FortiAp, FortiWifi
and wireless security
CONTACTS
Tel. +39 049 8843198 DIGIT (5)
contacts@lanewan.it
www.lanewan.it
In questi anni di partnership con la casa madre,
Lan & Wan Solutions ha ottenuto tutte le
specializzazioni previste nei vari iter di certifica-
zione, raggiungendo la qualifica di Partner Of
Excellence.