SSL VPN for Windows Phone 8.1


In this example, you will connect to a private network with a Windows Phone, using an SSL VPN.

This recipe is also available in Portuguese.

1. Creating a VPN portal with custom bookmarks

Go to VPN > SSL > Portals and create a new portal.

Enable both Tunnel Mode and Web Mode. Disable Split Tunneling and set Source IP Pools to use the default SSL VPN tunnel address range.

Under Predefined Bookmarks, create bookmarks to access resources on the internal network.


2. Creating a user and user group

Go to User & Device > User > User Definition and create a new local user.
Go User & Device > User > User Groups and create a new user group. Set Members to include the new user.

3. Configuring the VPN tunnel

Go to VPN > SSL > Settings and set Listen on Interface(s) to wan1.

Set Listen on Port to 10443 and Specify custom IP ranges using the default SSL VPN tunnel addresses.

Under Authentication/Portal Mapping, add the new user group.

4. Creating security policies

Go to Policy & Objects > Policy > IPv4.

Add a security policy allowing access to the internal network through the ssl.root VPN tunnel interface.

Set Incoming Interface to ssl.root.

Set Source Address to all and select the Source User new user group.

Set Outgoing Interface to the local network interface so that the remote user can access the internal network.

Set Destination Address to all, enable NAT, and configure any remaining firewall and security options as desired.


Add a second security policy allowing SSL VPN access to the Internet.

For this policy, Incoming Interface is set to ssl.root and Outgoing Interface is set to your Internet-facing interface.


3. Results

Using your Window Phone’s web browser, access the portal. The portal’s address is the IP address of your Internet-facing interface with the port the SSL VPN tunnel is listening to, and it must be accessed using HTTPS (in the example,

Log in using the credentials for your SSL VPN user.

After your credentials are accepted, you will be able to see the VPN portal.
Select one of the pre-defined bookmarks (in the example, the bookmark for a FortiManager device). You will be able to access the network resource.

For further reading, check out The SSL VPN web portal in the FortiOS 5.2 Handbook.


Victoria Martin

Victoria Martin

Technical Writer & Head Cookbook Chef at Fortinet
Victoria Martin works in Ottawa as part of the FortiOS technical documentation team. She graduated with a Bachelor's degree from Mount Allison University, after which she attended Humber College's book publishing program, followed by the more practical technical writing program at Algonquin College. She does need glasses but also likes wearing them, since glasses make you look smarter.
Victoria Martin

Latest posts by Victoria Martin (see all)

  • Was this helpful?
  • Yes   No
  • Alexis

    Super Useful. Im having problem making RDP/VNC/SMB to work via the portal… I can login and browse http/s. I think there is a compatibility thing. Have you make it work? Wont Fortinet release a WP8 client??

    • Bruce Davis

      Without seeing the configuration, it would be hard to suggest a reason for why there appears to be an issue with RDP/VNC/SMB connections. The first step in correcting this would be to isolate where in the path the issue is. I don’t see anything in the recipe that would block the traffic but I hate to make assumptions so I would check the configuration to make sure that the protocols that you need are allowed to go through the VPN tunnel and the firewall policy that is associated with the traffic. In order to help isolate where the issue is, the next step would be to use the FortiGate’s sniffer to see it the traffic is reaching and/or going through the FortiGate. The action after this will depend on the results of the test. Once you have this information it would probably be best to contact the Support Centre and work with them to further isolate the issue. Once you know exactly what the problem is it becomes much easier to figure out the solution.

      • Alexis

        thanks for the reply, I guess it’s a compatibilty issue in the browser. I’ll try to set IPSEC vpn instead. We have set up IPSEC VPN for Iphone with no problem, still won’t work in this phone… I think it has something to do with IKEv2 as we get “peer SA proposal not match local policy”. Thanks again.