Steps to Hardening FortiGate SSL VPN
HTML-код
- Опубликовано: 15 окт 2024
- This video go over the steps to Hardening FortiGate SSL VPN
1. Changing default ports or popular ports
2. Using MFA for Local user account
3. Limiting access to specific geography
4. Limit concurrent connection
5. Create NoAccess Portal
6. Block access to/from Tor Exit Node and Relays
Please like, Share this videos to encourage more training videos. Thanks
i didn't know that we can add email address under the user from the CLI. That's new to me. Thanks
best practice is to change the FGT management port also, not just the SSLVPN. Also hotels, motels and other such sites will probably block SSLVPN on a port other than 443.
You are absolutely correct about hotels and motels blocking port 443. I recommend people use their own personal Hotspot if possible. Public WiFi is not the best.
@@techy-world3716 I have seen here that cell hotspots also block non typical ports so 443 is also the best there
@@techy-world3716 Agree that public wifi is not best if you have using split tunnel then user can use ssl vpn and then all their traffic will be encrypted. Personal hotspot doesnt work well for sales or other guys if you are in different region due to cost.
I didn’t know you could set SMS for two-factor. Not great, but better than nothing.