Description
This article explains how to achieve SSL VPN redundancy using two WAN links.
Scope
Guaranteeing VPN connectivity through either of the two WAN interfaces.
Solution
Use the following steps to guarantee VPN connectivity through either of the two WAN interfaces.
FortiOS v5.2
Define both WAN interfaces in VPN > SSL > Settings > Listen on Interface(s) and make sure that both are added.
Or by CLI:
config vpn ssl settings
    set source-interface "wan1" "wan2"
end
Configure DynDNS at System > Network > DNS > FortiGuard DDNS, including both interfaces, so that the VPN can be accessed by name.
Or by CLI:
config system ddns
    edit 1
        set ddns-server FortiGuardDDNS
        set ddns-domain "<name>.fortiddns.com"
        set monitor-interface "wan1" "wan2"
    next
end
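
The two v5.2 settings above can be checked in a saved configuration file. The following Python audit is an added example, not part of the original article or any Fortinet tooling: it reports when "source-interface" or a DDNS "monitor-interface" does not list every WAN interface. The sample configuration is constructed, the interface names come from the CLI above, and the function names are hypothetical.

```python
import shlex
# Constructed sample backup (not from a real device): DDNS monitors only wan1.
SAMPLE_CONFIG = '''
config vpn ssl settings
    set source-interface "wan1" "wan2"
end
config system ddns
    edit 1
        set ddns-server FortiGuardDDNS
        set ddns-domain "<name>.fortiddns.com"
        set monitor-interface "wan1"
    next
end
'''

def parse_blocks(text):
    """Return {(config path, edit id or None): {option: [values]}} for top-level blocks."""
    out, path, entry, depth = {}, None, None, 0
    for line in text.splitlines():
        try:
            tok = shlex.split(line) or [""]   # blank lines match no keyword below
        except ValueError:   # multi-line quoted values (certificates etc.) are skipped
            continue
        if tok[0] == "config":
            depth += 1
            if depth == 1:   # nested config blocks only change the depth
                path, entry = " ".join(tok[1:]), None
        elif tok[0] == "end":
            depth = max(depth - 1, 0)
        elif depth == 1 and tok[0] == "edit" and len(tok) > 1:
            entry = tok[1]
        elif depth == 1 and tok[0] == "set" and len(tok) > 1:
            out.setdefault((path, entry), {})[tok[1]] = tok[2:]
    return out

def audit(text, required=("wan1", "wan2")):
    """Return findings; an empty list means both settings cover every required interface."""
    blocks, findings = parse_blocks(text), []
    listen = blocks.get(("vpn ssl settings", None), {}).get("source-interface", [])
    missing = [i for i in required if i not in listen]
    if missing:
        findings.append("vpn ssl settings: source-interface missing " + ", ".join(missing))
    ddns = [o.get("monitor-interface", []) for (p, _), o in blocks.items() if p == "system ddns"]
    if not any(all(i in mon for i in required) for mon in ddns):
        findings.append("system ddns: no entry monitors all of " + ", ".join(required))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```
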
FortiOS v5.0
Configure DynDNS at System > Network > DNS > FortiGuard DDNS, including both WAN interfaces, so that the VPN can be accessed by name.
Or by CLI:
config system ddns
    edit 1
        set ddns-server FortiGuardDDNS
        set ddns-domain "<name>.fortiddns.com"
        set monitor-interface "wan1" "wan2"
    next
end
Create a firewall policy for each WAN interface as shown in the Fortinet Cookbook Recipe "Providing remote users with access using SSL VPN".