jclar
Staff
January 19, 2024

Technical Tip: Enable DTLS in an AWS environment

Description: This article demonstrates how to enable DTLS in an AWS environment.
Scope: AWS FortiGate.
Solution

Consider the following example scenario:

A customer must enable DTLS for their SSL VPN connection. DTLS is already enabled on the FortiGate side, but packet capture and debug logs show that the traffic is still passing over TLS.

Below is the packet capture on the test machine. As shown, only outgoing DTLS 'Client Hello' packets are observed, with no reply.

TestMachineDTLSClientHello.png

However, on the FortiGate side, no DTLS packet is received:

FortigateNoDTLS.png

To resolve this, the custom UDP port used for DTLS must also be configured (allowed inbound) on the AWS side, not only on the FortiGate: with only the TCP port open, the client's DTLS 'Client Hello' leaves the test machine but never reaches the FortiGate, so the tunnel falls back to TLS.

AWSConfigChange.png
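
The check below is an added example, not part of the Fortinet article: it inspects an AWS security group's inbound rules (assumed to be the AWS-side configuration shown above) for the SSL VPN port and reports whether UDP is allowed alongside TCP, then builds the missing UDP entry in the shape accepted by EC2 AuthorizeSecurityGroupIngress. The port number 443 and the rule list are assumptions and constructed sample data.

```python
# Added example (not from the Fortinet article): verify that an AWS security
# group permits UDP on the SSL VPN port, which DTLS needs in addition to TCP.
# The rules below are a constructed sample in the shape returned by EC2
# DescribeSecurityGroups (boto3 describe_security_groups); replace them with
# a real API response to check a live group.

SSLVPN_PORT = 443  # assumption: FortiGate default SSL VPN port, same number for DTLS/UDP

# Constructed sample: TCP 443 is allowed but there is no UDP rule at all, which
# matches the article's symptom (Client Hellos leave the test machine, nothing
# arrives at the FortiGate, the tunnel stays on TLS).
SAMPLE_GROUP_BEFORE = {
    "GroupId": "sg-EXAMPLE",  # placeholder id, not a real group
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}


def rule_allows(rule, protocol, port):
    """True if one IpPermissions entry covers protocol/port.
    IpProtocol "-1" means all traffic; such rules carry no port fields."""
    proto = rule.get("IpProtocol")
    if proto == "-1":
        return True
    if proto != protocol:
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def dtls_status(group, port=SSLVPN_PORT):
    """Return (tcp_ok, udp_ok) for the SSL VPN port on this group.
    (True, False) is the broken state from the article: TLS works, DTLS cannot."""
    rules = group.get("IpPermissions", [])
    tcp_ok = any(rule_allows(r, "tcp", port) for r in rules)
    udp_ok = any(rule_allows(r, "udp", port) for r in rules)
    return tcp_ok, udp_ok


def missing_udp_rule(group, port=SSLVPN_PORT):
    """Build the UDP ingress entry to add, reusing the source CIDRs of the
    existing TCP rule so the UDP exposure is no wider than TCP already is.
    Returns None when TCP is not open (nothing to mirror) or UDP is already allowed."""
    tcp_ok, udp_ok = dtls_status(group, port)
    if not tcp_ok or udp_ok:
        return None
    cidrs = [ip for r in group["IpPermissions"] if rule_allows(r, "tcp", port)
             for ip in r.get("IpRanges", [])]
    return {"IpProtocol": "udp", "FromPort": port, "ToPort": port, "IpRanges": cidrs}
```

The returned dict can be passed as one element of `IpPermissions` to `authorize_security_group_ingress`; re-running `dtls_status` afterwards should give `(True, True)`.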

After making the changes, two-way DTLS traffic can be observed:

  • Test machine:

TestMachineDTLSWorking.png

  • FortiGate:

FortigateDTLSWorking.png

See Enable DTLS on FortiGate - FortiGate documentation for a general guide on how to enable DTLS on FortiGate.