robert_hua
New Member
July 17, 2018
Solved

How to do SSLVPN login redundant ?

I have two WAN interfaces - wan1 and wan2.

SSLVPN is Listen on Interface wan1.

How do I set up the redundancy of sslvpn? Only add WAN2 on Listen interface?

Sorry, I cannot do the experiment because my Fortigate 200D is in production.

Thank you.

Best answer by Toshi_Esumi

rwpatterson
New Member
July 17, 2018

Welcome to the forums.

For SSL VPN, I believe you simply create the appropriate policies and static route entries and you're good to go. Unlike IPSec VPN, SSL VPN isn't tied down by IP address on the way in, so policy alone should be good enough.

robert_hua
New Member
July 18, 2018

Sorry, I am not good at Fortigate...

Could you describe in more detail how to create the policies and static route for "sslvpn redundancy"?

In policy: I have SSL-VPN tunnel interface (ssl.root) - LAN

In static route: I have destination route only

Much appreciated!

Toshi_Esumi
SuperUser
July 17, 2018

Don't forget the client side needs two separate profiles and the user needs to manually choose one over the other.

To me it's pretty safe to test (adding wan2 and testing SSL VPN into wan2) on the live unit without affecting any other services, including existing SSL VPNs via wan1. But if you're super careful (I wish I were), you might want to set a maintenance window and do the testing.