SAS ITVPN Done Right vs VPN Done Quickly
Many Dubai businesses have a VPN — but most are set up incorrectly. No MFA, full tunnel routing, no session timeout, accounts never removed for ex-staff. Here is how to do it properly.
The Right VPN Setup for UAE Businesses
Platform: If you have a Fortinet FortiGate firewall (which most Dubai SMEs do), SSL VPN is already included at no extra cost. You are paying for it — use it.
What SSL VPN does: Users install the FortiClient app, enter their credentials and MFA code, and connect. All traffic to the office network is encrypted. Split tunnelling means only office-bound traffic goes through the VPN — internet browsing stays direct.
Step-by-Step SSL VPN on FortiGate
Step 1: Create a VPN User Group
- Add all remote staff to a dedicated Active Directory group or local FortiGate group
- Separate remote workers from admin accounts
Step 2: Configure SSL VPN Portal
- Enable split tunnel: office subnets only route through VPN
- Set idle logout: 60 minutes
- Set maximum connection: 8 hours per session
Step 3: Enable MFA
- Use FortiToken Mobile (free app) or TOTP authenticator
- Every user must have MFA — this is non-negotiable
- No MFA = a stolen password = full network access
Step 4: Create Firewall Policy
- Source: SSL VPN interface
- Destination: internal subnets
- Enable IPS inspection on VPN traffic
Step 5: Deploy FortiClient to Staff
- Download FortiClient from Fortinet portal
- Pre-configure with your VPN gateway address
- Run a 30-minute training session for all staff
UAE-Specific Consideration: TRA VPN Rules
Personal VPNs to bypass content filtering are restricted in the UAE. Business VPNs used for legitimate corporate access are permitted and commonly used by multinational companies operating in the country.
Common Staff Complaints and Fixes
| Complaint | Fix |
|---|---|
| VPN is too slow | Check split tunnel is enabled — full tunnel routes everything |
| Cannot connect from home | Check ISP is not blocking VPN ports |
| Session keeps dropping | Increase idle timeout, check home router NAT settings |
| Cannot access printers | Add printer subnet to split tunnel routes |
Offboarding: What Most Companies Forget
When staff leave, disable their VPN account on the same day. VPN accounts for ex-employees are one of the most common attack vectors in business breaches.
Best practice: Tie VPN accounts to Active Directory. When AD account is disabled, VPN access is automatically revoked.
SAS IT configures and manages FortiGate VPN for Dubai businesses. Get setup help | +971-526716178
*Related: Networking & Security Dubai | Managed IT Services Dubai*
Tags
SAS IT Services — Dubai
Need expert IT support?
Our certified engineers cover all of Dubai & UAE with same-day response and 24/7 support contracts.