Skip to main content
MRPUGH55
MRPUGH55
New Member
January 4, 2023
Question

Simple Queston

  • January 4, 2023
  • 4 replies
  • 2758 views

I have 20 customers needing VPN access to resources on my business network.  Yes, they can use Fortinet VPN Client, but what Fortinet product do I need installed on my gateway to allow them to connect?

 

thanks

Martin

4 replies

kcheng
Staff & Editor
kcheng
Staff & Editor
January 4, 2023

Hi @MRPUGH55 

 

In order for your user to connect to your business network, you will need to setup a VPN gateway. If you already owned a FortiGate, you can configure FortiGate as your VPN gateway. Depending on your need, you can configure either SSLVPN or IPSec VPN:

https://docs.fortinet.com/document/fortigate/6.0.0/Cookbook/690301/configuring-the-ssl-vpn-tunnel

https://docs.fortinet.com/document/fortigate/6.0.0/Cookbook/589121/ipsec-vpn-with-forticlient

MRPUGH55
MRPUGH55Author
New Member
January 4, 2023

Thanks.  But my question was regarding which Fortinet appliance/product I need to provide that VPN gateway.  I dont have anything yet.

pminarik
Staff
pminarik
Staff
January 4, 2023

Any modern FortiGate unit will suffice, see below:

If checking the datasheet, pay attention to the SSL-VPN throughput numbers. You should aim for a model that will sastisfy your throughput needs for all 20 users.

 

A FortiProxy would also work (it supports both SSL-VPN and IPsec), but that shouldn't be your first choice (FortiProxies are bought primarily for proxying, not for VPNs).

IT_Ahan2
IT_Ahan2
Explorer
January 4, 2023

you need one internet static IP as a gateway for configuring VPN 

gfleming
Staff
gfleming
Staff
January 4, 2023

You don't necessarily need static IP. You can use FortiDDNS service if you have dynamic IP.

sw2090
SuperUser
sw2090
SuperUser
January 5, 2023

Basically that doesn't even need to be a Fortinet product. Both sslvpn and IPSec are standardized so it would work with any vpn gateway.

However I never tried since I have fortigates as vpn gws where I need vpn.

pminarik
Staff
pminarik
Staff
January 5, 2023

Correct for IPsec (standardized, mostly inter-operable with possible issues usually stemming from implementation details), but wrong for SSL-VPN. No such thing as an "SSL-VPN standard" exists. SSL-VPN is a concept ("do a VPN by wrapping traffic in SSL/TLS/HTTPS"), but everyone does it their own way. FortiClient's SSL-VPN won't work with non-Fortinet products, and neither will arbitrary third party SSL-VPN clients work with FortiGate. (unless the author specifically made effort to make it compatible with FortiGates)

Terms & ConditionsAccessibility statement