MustphaBassim
New Member
May 24, 2022
Solved

SSL VPN dual interface


Hello all

I hope you are fine and safe.

I have two different public IPs from ISP. I want to set up SSL VPN on both IPs on the device. The default route is now going to ISP one; keep in mind there is a policy route for a network towards ISP two for some of the users. So how could I make the device respond from both the ISP two interface and the ISP one interface for SSL VPN?

 

Bests

Best answer by aahmadzada


1 reply

Contributor
May 24, 2022

Hello,

How have you configured the two IPs? Are they on the same interface (using secondary configuration), or are both using different interfaces?

To configure the VPN, just add the respective interface in the SSL VPN configuration.

>> If you've configured a secondary IP, you have to call the single interface.

>> If you're using multiple interfaces, call both interfaces in the SSL VPN configuration.

>> After that, configure the respective portal and map it to the user, then create the route and policy, and SSL VPN will work.

MustphaBassim
New Member
May 25, 2022

Hello dear, thanks for the reply, but the problem as I see it is that the firewall is re-routing the traffic coming from ISP 2 towards ISP 1, which causes the issue.

aahmadzada
Staff
May 25, 2022

Hi @MustphaBassim,

 

In order to make it work, be sure to configure:
1. Two equal default routes via ISP1 and ISP2
2. Enable the preserve-session-route option on both WAN interfaces: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enabling-the-preserve-session-route/ta-p/197976

Once it is done, you'll be able to connect to the SSL VPN via both WAN interfaces, and you'll be sure that the session traffic that was established via wan1 will not be routed via wan2 and vice versa.

 

Ahmad
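
The two steps from the answer above, together with listing both interfaces in the SSL VPN settings as the earlier reply describes, sketched as FortiOS CLI. This is an added example, not part of the original posts: the interface names wan1/wan2 follow the answer, while the route IDs, the gateway addresses (documentation ranges) and the distance value are assumptions to replace with your own.

```fortios
# Step 1: two default routes with equal distance, one per ISP.
# Route IDs, gateways and distance are placeholders (assumed values).
config router static
    edit 1
        set dst 0.0.0.0 0.0.0.0
        set gateway 192.0.2.1
        set device "wan1"
        set distance 10
    next
    edit 2
        set dst 0.0.0.0 0.0.0.0
        set gateway 198.51.100.1
        set device "wan2"
        set distance 10
    next
end

# Step 2: keep each session on the interface it was established on,
# so replies to a client that connected via wan2 are not sent out wan1.
config system interface
    edit "wan1"
        set preserve-session-route enable
    next
    edit "wan2"
        set preserve-session-route enable
    next
end

# SSL VPN listens on both WAN interfaces.
config vpn ssl settings
    set source-interface "wan1" "wan2"
end

# Check: both default routes should appear in the routing table.
get router info routing-table all
```

Firewall policies from the SSL VPN interface and the portal/user mapping mentioned in the first reply are still required and are not shown here.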