marcosta87
New Member
May 25, 2018
Question

VPN Site-to-Site FortiGate 60E and Windows Server 2016 (directly)


Hello, 

I need to establish a permanent VPN connection between my local network (FortiGate 60E for example) and a remote Windows Server 2016 (to share files between my local network and file server). I want to allow my users inside the local network to access the remote server, automatically, over an s2s VPN connection. Is it possible?

My end users use macOS computers, and outside the LAN they use a VPN L2TP/IPSec connection, the same protocol on the Windows Server side.

 

Thank you! 

    2 replies

    ede_pfau
    SuperUser
    May 27, 2018

    Hi,

    First thought: bad idea to expose a universal purpose OS to the internet. Very bad idea.

    You could use any used old FGT or a new FG-30E without UTM, just with FortiCare contract, as a secure VPN gateway. As an added benefit, it would make the VPN function completely independent of the server's OS hiccups and patches.

     

    OK, back to your question:

    The desktop models (smaller than FG-100x) offer L2TP client functionality. You configure it in the CLI only. It can use IPsec in phase2 for encryption. This is not as secure as a real IPsec VPN but people don't care too much.

    sw2090
    SuperUser
    May 28, 2018

    Probably the clients could use FortiClient to set up an s2s VPN to your FGT and then you just need some policy to allow access from the VPN subnet to your server.

    This is what we do here with our laptops when we are not at the office.