Added options to allow firewall addresses to be used in routing table for SSL VPN (265430)

If destination Named Address is set in Network > Static Routes and Address Range is set to Automatically assign addresses in VPN > SSL-VPN Settings, SSL VPN should refresh the routing table automatically.

 

HTTP to HTTPS redirect support (278728)

The admin HTTP port can now be redirected to the admin HTTPS port. This is enabled in VPN > SSL- VPN Settings using the option Redirect port 80 to this login port.

There are two likely scenarios for this:

• SSL VPN is not in use, in which case the admin GUI runs on port 443 or 10443, and port 80 is redirected.
• SSL VPN runs on port 443, in which case port 80 is redirected to 443 and the admin port runs on 10443. If the administrator chooses to run SSL VPN on port 80, the redirect option is invalid.

This can also be configured in the CLI as described below.

Syntax:

config vpn ssl settings

set https-redirect [enable | disable] (default: disabled)

end

 

Removed guest group and SSO group (303041)

Guest group and SSO group have been removed from config user group and config vpn ssl web user-group-bookmark.

 

CLI changes (299319)

Removed the following obsolete/unnecessary portal options from the CLI:

config vpn ssl web portal edit <name>

set auto-prompt-mobile-user-download  REMOVED

set display-forticlient-download  REMOVED

set display-history-limit  REMOVED

set page-layout  REMOVED

set cache-cleaner  REMOVED

end

end

 

Removed the following unnecessary RDP bookmark options from the CLI in preparation for HTML5 RDP:

 

config vpn ssl web <user-bookmark|user-group-bookmark>

edit <group/user name>

config bookmarks edit <bookmark>

set full-screen-mode  REMOVED

set screen-height  REMOVED

set screen-width  REMOVED

set keyboard-layout  REMOVED

end end

end end