SSL VPN has become a bit of an ‘easy button’ in the world of remote access. As configuration on the client side is minimal when compared to IPSEC, and it leverages the well known HTTPS protocol.
One common feature I get asked about is authentication realms, an authentication realm is used to authenticate a group of users against a common authentication source (Radius, LDAP, etc.). Generally speaking the realm URLs look like this:
Which works well for many folks, however sometimes its easier to use a custom “virtual hostname” or FQDN for the sake of ease of use, an example URL would look like this:
I had worked with several other vendor solutions that support both formats and tried to find it in FortiOS. It took me a bit of digging; however, I did end up finding the solution. I want to share this with you in hopes it saves some time.
Assumptions:
This has been tested on FortiOS 6.2.x and 6.0.x
SSL-VPN Realms is enabled under system > feature visibility
I am using my domain provider’s DNS, your milage may vary if you’re using dynamic DNS
A note on custom FQDNs, this feature appears to only be available in the CLI. Once it's enabled the virtual host option is visible in the GUI.
That being said, here’s how you configure custom realm FQDNs - in this case we want to add a consultant realm:
config vpn ssl web realm edit consultant set virtual-host consultant.ultraviolet.network next end
As you can see, the virtual host field appears after we make the changes via CLI:
When we browse to consultant.ultraviolet.network we get the consultant login page:
And that’s it! I hope this has been helpful, thank you for reading.