mhanna
New Member
November 28, 2022
Question

SSL VPN Site-to-Site


Hello All

Kindly, I tried to configure SSL site-to-site between two firewalls, but unfortunately the guide can't help me, especially on the certificate point.

I created a PKI user with its certificate but face an issue with the server certificate and client certificate. So I would appreciate it if anyone could send me a guide to proceed on this point step by step, or advise me how to do this configuration.

Thanks

lmarinovic
Staff
November 30, 2022

Hello,

You probably mean IPsec VPN? There is this document on how to configure the Site-to-site VPN with digital certificate:

https://docs.fortinet.com/document/fortigate/7.2.0/administration-guide/344213/site-to-site-vpn-with-digital-certificate

Hope it helps.

Best regards,

Lazar

gfleming
Staff
November 30, 2022

Are you actually intending to create an SSL VPN site-to-site tunnel? Can you not use IPSec? It will be easier...

If you need SSL-VPN follow these docs: https://docs.fortinet.com/document/fortigate/7.0.0/new-features/508779/fortigate-as-ssl-vpn-client

For Certificates you need a CA cert (can be your existing AD PKI or create a basic one using OpenSSL or something) and then sign some certs for the users and import those.

mhanna
Author
New Member
December 14, 2022

Thanks for your reply

Actually, I followed the SSL-VPN docs and I created a certificate from FortiAuthenticator, but I need to know which certificate should be chosen for the server certificate and for the client certificate.

[Attachments: client certificate.png, Server Certificate.png]

lmarinovic
Staff
December 14, 2022

Hi,

If you created the certificate from FortiAuthenticator as the server certificate, then you will need to select that one. You will also need to upload the CA certificate from FortiAuthenticator to both FortiGates then. From the client side, you will choose that FortiAuthenticator CA in the PKI user, in the CA field.

Best regards,

Lazar
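
Added example, not part of the thread or of Fortinet's documentation: a lab version of the "basic CA using OpenSSL" suggested above, arranged in the trust layout from the last reply (one CA, one server certificate, one client certificate). All file names, subject names and the extendedKeyUsage values are assumptions; `ca.crt` stands in for the CA certificate that would be uploaded to both FortiGates.

```shell
#!/usr/bin/env bash
# Constructed lab PKI: every name and path here is an assumption for illustration.
set -eu

PKI_DIR="${PKI_DIR:-$(mktemp -d)}"

make_ca() {
  # Self-signed root CA. Only ca.crt is distributed; ca.key stays offline.
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -subj "/CN=Lab-VPN-CA" \
    -keyout "$PKI_DIR/ca.key" -out "$PKI_DIR/ca.crt" 2>/dev/null
}

issue_cert() {
  # $1 = file prefix, $2 = subject CN, $3 = extendedKeyUsage (serverAuth|clientAuth)
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$PKI_DIR/$1.key" -out "$PKI_DIR/$1.csr" 2>/dev/null
  printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=%s\n' "$3" > "$PKI_DIR/$1.ext"
  openssl x509 -req -in "$PKI_DIR/$1.csr" -sha256 -days 365 \
    -CA "$PKI_DIR/ca.crt" -CAkey "$PKI_DIR/ca.key" -CAcreateserial \
    -extfile "$PKI_DIR/$1.ext" -out "$PKI_DIR/$1.crt" 2>/dev/null
}

chains_to_ca() {
  # $1 = file prefix, $2 = purpose (sslserver|sslclient)
  # Succeeds only if the certificate validates against the lab CA for that purpose.
  openssl verify -CAfile "$PKI_DIR/ca.crt" -purpose "$2" "$PKI_DIR/$1.crt" >/dev/null 2>&1
}

make_ca
issue_cert server "vpn-server.lab.example" serverAuth   # selected on the SSL VPN server side
issue_cert client "vpn-client.lab.example" clientAuth   # presented by the SSL VPN client side

# Check both roles before importing anything onto a device.
chains_to_ca server sslserver && echo "server cert chains to CA as TLS server"
chains_to_ca client sslclient && echo "client cert chains to CA as TLS client"
echo "PKI files written to $PKI_DIR"
```

Running the purpose checks before import catches the common mix-up the question describes: a certificate issued for one role being selected in the other role's field.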