KuyaJerome
New Member
November 19, 2018
Question

Modem to Fortigate Port Forwarding VPN


Hi,

 

I am very new to firewalls, though I have configured some with the help of video tutorials. Now that we have one of our own, I'm planning to configure it for remote VPN so we can easily access our office files from anywhere, especially when we're in the field, since we are IT service providers.

 

I followed the instructions from this link: https://www.youtube.com/watch?v=peDdJuuoLrU

 

But I think this only applies when we are using the public IP of our ISP. I set the WAN IP as DHCP. Now I need detailed instructions on how I can access our office LAN from outside using remote VPN. I think I have to port forward the public IP of our router to the DHCP IP of the Fortigate, and I have no idea how to do that. I hope there is someone I can talk to about this.

 

Thanks and best regards,

 

Jerome

    3 replies

    Tim_86
    New Member
    November 19, 2018

    Hi Jerome,

     

    Am I correct that you are using NAT on your modem to your Fortigate?

     

    You can configure SSL-VPN on a specific port like 10433.

    There is an entire topic about this in the cookbook on how to set up an SSL-VPN and a policy.

     

    If you are using NAT on your modem you'll need to forward the SSL-VPN port to the WAN address your Fortigate received from your modem.

     

    The most practical would be if your Fortigate would receive a public IP.

    This way you only have to follow the steps in the cookbook.

     

    Kind regards,

    Tim

    KuyaJerome
    New Member
    November 20, 2018

    Hi Tim,

     

    Thank you very much for the quick reply. I have attached an image of our current setup. I hope this will clear it up. The link I provided from the cookbook uses the public values of the router, so FortiClient can easily look up the IP of the firewall. On our side, we used DHCP for the firewall.

     

    Tim_86
    New Member
    November 20, 2018

    Hi Jerome,

     

    This is quite simple once you get the hang of it :D

     

    Your modem hands your Forti an IP of 192.168.0.20. (Try to make it static or a reservation).

     

    The only thing you need to do is forward the SSL-VPN port from your modem to 192.168.0.20.

     

    You can change the port in the SSL-VPN settings to something like 8443 so it won't conflict with the web interface that runs on 443 (or change that).

     

    So in your modem you will forward port 8443 to 192.168.0.20 (all 8443 traffic will be forwarded to the gateway of your Fortigate).

    Your FortiClient can add a VPN profile that points to your WAN IP 124.105.x.x and port 8443.

    Out of safety precautions you might want to remove your real ISP IP.

     

    I see you've got your own DHCP/DNS server; the SSL-VPN has its own IP range which VPN clients connect on.

    As long as your VPN clients point to the same DNS server, name resolution for the internal network shouldn't be a problem.

     

    I hope this makes it a bit clear, good luck!
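
The FortiGate side of the setup described in the reply above, as an added example that is not part of the original thread. Assumptions: the modem-facing port is named `wan1`, the modem's LAN address is 192.168.0.1 with a /24 mask, static route ID 1 is unused, the factory-default pool object `SSLVPN_TUNNEL_ADDR1` is still present, and `<internal-dns-ip>` is a placeholder for the office DNS server. The `#` lines are annotations; leave them out when pasting into the CLI.

```fortios
# Modem side (not FortiOS): forward TCP 8443 -> 192.168.0.20:8443

# 1. Pin the WAN address so the modem's forward target never moves.
#    A DHCP reservation on the modem is the alternative the reply mentions.
#    Assumption: the firewall is administered from the LAN side, so only
#    ping is allowed on wan1 and the admin GUI on 443 is not offered there.
config system interface
    edit "wan1"
        set mode static
        set ip 192.168.0.20 255.255.255.0
        set allowaccess ping
    next
end

# 2. Default route back to the modem, which DHCP no longer supplies.
config router static
    edit 1
        set gateway 192.168.0.1
        set device "wan1"
    next
end

# 3. SSL-VPN listens on 8443, the port the modem forwards.
#    dns-server1 hands VPN clients the same DNS server the LAN uses.
config vpn ssl settings
    set port 8443
    set source-interface "wan1"
    set source-address "all"
    set tunnel-ip-pools "SSLVPN_TUNNEL_ADDR1"
    set dns-server1 <internal-dns-ip>
end
```

The user group, portal mapping and the firewall policy from the SSL-VPN interface to the LAN still come from the cookbook steps the reply refers to.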

     


    connexionlivestock
    New Member
    March 3, 2023

    Hello Jerome,

    To access your office LAN outside using Remote VPN, you will need to set up port forwarding on your router to the Fortigate. Here are the steps you can follow:

    1. Assign a static IP address to the Fortigate device in your LAN.

    2. Log in to your router's web interface.

    3. Find the port forwarding section, which is usually located in the "Advanced" or "NAT" settings.

    4. Create a new port forwarding rule that forwards traffic from the VPN port (usually 1194 or 443) to the static IP address of the Fortigate.

    5. Save the changes and test the VPN connection from outside your office network.

    If you encounter any issues, you can consult the Fortigate documentation or contact their support team for assistance.


    Best regards,