mumer19
New Member
November 7, 2022
Question

FortiClient IPSEC VPN with FQDN

  • November 7, 2022
  • 2 replies
  • 6807 views

Hi all, I want to implement a scenario in my office; please help me out with it.

I have an old Fortinet FG-80C firewall with firmware version 5.6 installed. The devices are connected in the following way:

ONT -> Fortinet -> Unmanaged switch -> LAN users.

PPPoE is configured on the ONT; I am unable to access the ONT as the credentials are with the ISP.

The WAN2 interface of the FG-80C is getting the private IP 192.168.70.132/24 from the ONT via DHCP.

I need to configure the FG-80C so that employees can remotely access the file server placed inside the office via FortiClient.

I have also attached the topology that I need to implement.

It would be very helpful if anyone could help me get this scenario working.

Thanks in advance.

(Attached image: Forticlient Ipsec VPN)

2 replies

abarushka
Staff
November 7, 2022

Hello,

You may consider configuring SSL VPN / IPsec. Please find the details below:

https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/559546/ssl-vpn-full-tunnel-for-remote-user (SSL VPN)

https://docs.fortinet.com/document/fortigate/5.4.0/cookbook/460465/ipsec-vpn-with-forticlient (IPsec)

Port forwarding should be configured on the ONT device.

mumer19 (Author)
New Member
November 7, 2022

@abarushka thanks for the reply.

As I already mentioned, I don't have access to the ONT, and the ONT is configured in PPPoE mode. The firewall is getting a private IP, not a public IP.

The Internet connection is terminating on the ONT, not on my firewall.

akristof
Staff
November 7, 2022

Hello,

Then the only option is to use DDNS. So the FortiGate will update the DNS records and you will use this FQDN as the remote server in your FCT configuration. But the ONT needs to be capable of forwarding traffic from the public IP to your private IP.

mumer19 (Author)
New Member
November 9, 2022

Dear Guys.

I configured the DDNS setup with a third-party DDNS server (my-noip.com). I followed the URL (https://www.51sec.org/2018/10/20/configure-fortigate-ddns-with-free-ddns-service-noip-net/) to configure the third-party DDNS. After configuring DDNS, the firewall is accessible within the local network via example.ddns.net, but unfortunately it is not accessible from outside the company network.

The configuration is as below:

(Attached image: DDNS Config)

akristof
Staff
November 9, 2022

Hello,

In that case, verify with a simple packet capture whether any incoming packet is seen on wan2. If not, then possibly the ISP is not forwarding packets from the public IP to your device.
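An added diagnostic (not from this thread or from Fortinet) for the symptom described above: it classifies what the DDNS name resolves to against the address WAN2 actually holds, and lists the UDP ports the ONT would have to forward for FortiClient IPsec. The addresses in the block are constructed; the interpretation follows the replies above.

```python
import ipaddress

# Address ranges that are never reachable from the Internet: RFC 1918 and
# carrier-grade NAT (RFC 6598). Checked explicitly rather than via
# is_private, which also flags documentation ranges used as samples here.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

# UDP ports the ONT must forward to the FortiGate's WAN2 address for
# FortiClient IPsec: IKE (500) and NAT-T (4500). ESP is carried inside
# UDP 4500 once NAT is detected, so IP protocol 50 is not needed here.
IPSEC_UDP_PORTS = (500, 4500)


def is_non_routable(addr: ipaddress.IPv4Address) -> bool:
    return any(addr in net for net in NON_ROUTABLE)


def classify_ddns_target(resolved: str, wan_ip: str) -> str:
    """Explain why a DDNS name for the firewall may only work from the LAN.

    resolved: what the DDNS FQDN currently resolves to (dig/nslookup).
    wan_ip:   the address the FortiGate actually holds on WAN2.
    Returns "private", "nat", "direct" or "stale".
    """
    r = ipaddress.ip_address(resolved)
    w = ipaddress.ip_address(wan_ip)
    if is_non_routable(r):
        # DDNS client registered the firewall's own NATed address: works on
        # the LAN, meaningless from outside. Matches the symptom in the thread.
        return "private"
    if is_non_routable(w):
        # Name points at the ONT's public side; reachability now depends on
        # the ONT forwarding IPSEC_UDP_PORTS to wan_ip.
        return "nat"
    if r == w:
        return "direct"
    return "stale"  # public name and public WAN, but they differ


def required_ont_forwards(wan_ip: str) -> list:
    """(proto, external port, internal host, internal port) entries for the ONT."""
    return [("udp", port, wan_ip, port) for port in IPSEC_UDP_PORTS]


if __name__ == "__main__":
    # Constructed values mirroring the thread: WAN2 holds 192.168.70.132 and
    # the DDNS record was updated with that same address.
    print(classify_ddns_target("192.168.70.132", "192.168.70.132"))  # private
    for entry in required_ont_forwards("192.168.70.132"):
        print("forward %s/%d -> %s:%d" % entry)
```

On the FortiGate itself, the capture akristof suggests can be taken with `diagnose sniffer packet wan2 'udp and (port 500 or port 4500)' 4` while a remote FortiClient attempts to connect; if nothing arrives, the ONT is not forwarding IKE/NAT-T.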