0skarprez
New Member
May 19, 2020
Question

VPN connection with different public IP


Hello everybody, I hope you can help me with this, since I am beginning with Fortinet.

I already have configured an SSL VPN, with LDAP through my wan1 interface, and everything is working properly. But now I want to use another public IP to set up the VPN connection. My ISP gives me a couple of public IPs that I can use, but I do not know how to handle this. I know I can assign a secondary IP on interface wan1, but I read this is not secure.

I have a Fortigate 60D in switch mode.

Any suggestions?

Best regards!

 

    1 reply

    sw2090
    SuperUser
    May 20, 2020

    If there is only one ISP connection with more than one IP, you can only add a second IP to your WAN and then use that as the remote GW for your VPN.

    Even if there is a route behind that has a switch that won't work any other way due to the routing ;)

    ede_pfau
    SuperUser
    May 20, 2020

    Eh, back to the question: yes, you would create a secondary address on the WAN interface and refer to it for IPsec VPN. FortiOS does not support multiple SSLVPN web portals, that's why I assume you would want to add an IPsec VPN.

    In order to make it work, specify the secondary address in the CLI, "config vpn ipsec phase1-interface".

    IMHO there is nothing more insecure about a secondary address than a primary one. Hearsay is not a good advisor.
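
The setup described in the reply above, sketched as FortiOS CLI. This is an added example, not configuration posted by anyone in the thread: the addresses are documentation-range placeholders, the tunnel name `ipsec-sec` is hypothetical, and a dial-up (`type dynamic`) tunnel with a pre-shared key is assumed. Lines starting with `#` are annotations.

```fortios
# Added example. 203.0.113.11 stands in for the extra public IP from the ISP.
config system interface
    edit "wan1"
        set secondary-IP enable
        config secondaryip
            edit 1
                set ip 203.0.113.11 255.255.255.248
                # The secondary address has its own allowaccess list.
                # Leave https/ssh management off so it exposes no admin service.
                set allowaccess ping
            next
        end
    next
end

config vpn ipsec phase1-interface
    edit "ipsec-sec"
        # Assumed: remote users dial in, so no fixed remote gateway.
        set type dynamic
        set interface "wan1"
        # Bind IKE for this tunnel to the secondary address, not the primary.
        set local-gw 203.0.113.11
        set peertype any
        set proposal aes256-sha256
        set dhgrp 14
        set psksecret <pre-shared-key>
    next
end
```

A matching `config vpn ipsec phase2-interface` entry and firewall policies for the tunnel interface are still needed before traffic passes.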

    0skarprez
    Author
    New Member
    May 20, 2020

    Thank you ede_pfau

    So definitely, as I see, I have to use the secondary address option, am I right?

    I've tested the secondary address option, and it works. The only thing is that users can connect to the VPN over those 2 IPs, I mean, the WAN interface and the secondary.

    In this case, should I create an IPsec VPN then, instead of SSL? Would you recommend that?

    Thanks all for your support!