FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
jrosado_FTNT
Staff
Staff
Description
This article explains how to achieve SSL VPN redundancy using two WAN links.

Scope

In order to guarantee VPN connectivity to any of both WAN interfaces you may do the following:


Solution
Use the following steps in order to guarantee VPN connectivity to any of both WAN interfaces.

FortiOS v5.2

Define them in VPN > SSL > Settings > Listen on Interface(s) and make sure that both are added.

Or by CLI:
config vpn ssl settings
    set source-interface "wan1" "wan2"
end

Configure DynDNS including both interfaces to access the VPN by name at System > Network > DNS > FortiGuard DDNS.

Or by CLI:
config system ddns
    edit 1
        set ddns-server FortiGuardDDNS
        set ddns-domain "<name>.fortiddns.com"
        set monitor-interface "wan1" "wan2"
    next
end

FortiOS v5.0

Configure DynDNS including both WAN interfaces to access the VPN by name at System > Network > DNS > FortiGuard DDNS.

Or by CLI:
config system ddns
      edit 1
          set ddns-server FortiGuardDDNS
          set ddns-domain "<name>.fortiddns.com"
          set monitor-interface "wan1" "wan2"
      next
end

Create a firewall policy for each WAN interface as shown in the Fortinet Cookbook Recipe "Providing remote users with access using SSL VPN".

Contributors