Workspot Configuration Guide For The Fortinet Fortigate Firewall
Workspot, Inc.
4/8/2016
Fortinet FortiGate and Workspot Overview
The Fortinet FortiGate provides comprehensive threat protection with firewall, VPN (IPsec
and SSL), intrusion prevention, antivirus/antispyware, antispam, and web filtering
technologies. The platform also provides application control, data loss prevention, dynamic
routing for IPv4 and IPv6, endpoint NAC, and SSL-encrypted traffic inspection.
Once the FortiGate is installed on-premise or in the cloud, Workspot can be quickly
implemented as no additional hardware or software is required. The Workspot Client
securely connects to internal applications and services using the FortiGate SSL-VPN
feature.
The Workspot Client runs on Windows PCs, Macs, and mobile devices; Workspot Control,
a corresponding cloud-based administration console, is used to manage configuration and
policies for the environment.
The information and screens in this guide are based on the following:
FortiGate VM64, firmware Version v5.4.0,build1011 (GA)
Workspot Control (Release 4/7/16)
This document contains Workspot proprietary information and is not to be disclosed to unauthorized persons.
Version 1.1 pg. 1 of 12
3. SSL-VPN policy
4. SSL-VPN portal (optional)
5. Configuring the FortiGate in Workspot Control
FortiGate Configuration for Workspot
These steps outline the basic configuration of a FortiGate firewall to support Workspot. Sign
into the administrator console.
1. Configure a User Group for the Workspot users. Go to User & Device > User Groups
and click +Create New.
a. Enter a name for the User Group: Workspot SSL VPN Users.
b. Under Remote groups, select +Create New.
c. Select the AD authentication server from the list of Remote Servers. Then click OK
and then OK again to save.
2. Configure the SSL-VPN. If the SSL-VPN is already configured, verify the following
settings. Go to VPN > SSL-VPN Settings.
a. Set the Listen on Interface(s) to the interface connected to the external network.
b. Set the Listen on Port to the HTTPS port. If the SSL VPN uses port 443 on the
same interface as the administrator interface, then the administrator HTTPS port
under System > Settings must be set to another port, e.g. 10443.
c. Select the SSL Server Certificate obtained from a Certificate Authority and imported
into this FortiGate. Otherwise, the Workspot users will be prompted to accept the
self-signed certificate when connecting to the SSL VPN.
d. Under Authentication/Portal Mapping, select +Create New.
e. Select Workspot SSL VPN Users and web-access, then click OK.
3. Configure the SSL-VPN Policy. Go to Policy & Objects > IPv4 Policy and click +Create
New.
Note: The Incoming Interface must be set to the SSL-VPN tunnel interface.
4. Configure the SSL-VPN Portal. Go to VPN > SSL-VPN Portals and select web-access
and click Edit.
a. Verify that Tunnel Mode is OFF and Enable Web Mode is ON.
b. Verify that the Show Connection Launcher is ON. This setting is not required for
Workspot but will allow a standard browser to test the FortiGate configuration; other
settings are also optional.
c. If modified, click OK to save the configuration.
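The settings from steps 2b, 2c and 4a can also be checked offline against a configuration backup. The Python sketch below is an added example, not part of the Workspot guide or any Fortinet tooling; the sample backup is constructed, and the built-in certificate names and the default administrator HTTPS port of 443 are assumptions to adjust for your firmware.

```python
# Constructed sample of a FortiOS configuration backup (not from a real device).
SAMPLE = '''
config system global
    set admin-sport 443
end
config vpn ssl settings
    set servercert "Fortinet_Factory"
    set port 443
    set source-interface "wan1"
end
config vpn ssl web portal
    edit "web-access"
        set tunnel-mode enable
        set web-mode enable
    next
end
'''
BUILTIN_CERTS = {"Fortinet_Factory", "self-sign"}  # assumed built-in cert names

def parse(text):
    """Flatten nested config/edit blocks into {path tuple: {key: [values]}}."""
    path, out = [], {}
    for line in filter(str.strip, text.splitlines()):
        tok = [t.strip('"') for t in line.split()]  # fine for space-free values
        if tok[0] == "config":
            path.append(" ".join(tok[1:]))
        elif tok[0] == "edit" and len(tok) > 1:
            path.append(tok[1])
        elif tok[0] in ("end", "next") and path:
            path.pop()
        elif tok[0] == "set" and len(tok) > 2:
            out.setdefault(tuple(path), {})[tok[1]] = tok[2:]
    return out

def audit(text):
    """Return findings for the settings covered in steps 2b, 2c and 4a."""
    cfg, found = parse(text), []
    vpn = cfg.get(("vpn ssl settings",), {})
    admin_port = cfg.get(("system global",), {}).get("admin-sport", ["443"])[0]
    if vpn.get("port", [""])[0] == admin_port:  # interface overlap not checked
        found.append("same-port")
    if vpn.get("servercert", ["Fortinet_Factory"])[0] in BUILTIN_CERTS:
        found.append("built-in-cert")
    portal = cfg.get(("vpn ssl web portal", "web-access"), {})
    if portal.get("web-mode", ["disable"])[0] != "enable":
        found.append("web-mode-off")
    if portal.get("tunnel-mode", ["disable"])[0] == "enable":
        found.append("tunnel-mode-on")
    return found
```

A `same-port` finding only matters when HTTPS administration is enabled on the SSL-VPN listen interface, which this check does not examine; confirm that in the interface settings.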
Testing the Configuration
To test the configuration, use any standard browser and go to the URL associated with the
FortiGate, e.g. https://fortigate.mycompany.com/. Enter your AD Username and Password
then click Login.
intranet.mycompany.com
The internal web page should be opened in a new tab.
https://fortinet.mycompany.com/proxy/http/intranet.mycompany.com
Configuring the FortiGate VPN in Workspot Control
To configure the VPN for Workspot users, sign into Workspot Control, then go to Setup >
VPN > Add New VPN, then enter a name, the external URL for the FortiGate VPN, and
Fortinet as the SSL VPN Type. Select the group(s) which will use the FortiGate and then
click Save.
Troubleshooting