SSL VPN Flashcards
What are the two modes of SSL VPN?
Tunnel mode with a client, more protocols
Web mode with only a web browser. Supports limited protocols like FTP, HTTP/HTTPS, RDP, SSH, Telnet, etc.
When users use Web Mode SSL VPN, what IP address is seen by internal devices?
Internal devices see the source address as the IP address of FTG, not the user’s IP Address
What interface does Tunnel mode SSL VPN create on a PC?
A virtual network adapter identified as fortissl, which receives an IP address from FTG.
Can FSSO remote password be used on SSL VPN?
No
What are the two modes that SSL VPN portals can operate in?
Tunnel mode: Enable split tunneling,
Web mode
Can you use both SSL VPN Client for VPN and SSL for administrative access on the same interface?
Yes, but you have to use different port numbers.
What is the default timeout for SSL VPNs?
300 seconds or five minutes.
What are the two SSL tunnel IP allocation methods?
First available (default)
Round Robin
What must be done when you pick round-robin IP allocation for SSL VPN?
You must set address IP pools in vpn ssl settings, as portal pools are ignored.
Do you have to create firewall policies for SSL VPN traffic?
Yes, otherwise no login portal is presented to users.
What interface does SSL VPN user traffic exit from?
ssl.<vdom_name>
What is the name of the exit interface for SSL VPN traffic if you have not enabled VDOMs?
ssl.root
If you disable split tunnelling for SSL VPN you must
also create a policy that enables traffic from the egress interface to the internet.
Can you use Client Integrity Checking on Macs?
No, only on Windows PCs, because it uses the Windows Security Center to perform its checks.
What is a GUID?
It is the ID that identifies each Windows application. You can use it for Client Integrity Checking.