FortiGate
jrosado_FTNT
Staff
Article Id 195760

Description

 

This article explains how to achieve SSL VPN redundancy using two WAN links.


Scope

 

Guaranteeing SSL VPN connectivity through either of the two WAN interfaces.

 

Solution

 

Use the following steps to guarantee VPN connectivity through either of the two WAN interfaces.

V5.2:
In VPN -> SSL -> Settings, under Listen on Interface(s), make sure that both WAN interfaces are added.

Or by CLI:
 
config vpn ssl settings
    set source-interface "wan1" "wan2"
end

Configure DynDNS to include both interfaces, so that the VPN can be accessed by name, at System -> Network -> DNS -> FortiGuard DDNS.

Or by CLI:
 
config system ddns
    edit 1
        set ddns-server FortiGuardDDNS
        set ddns-domain "<name>.fortiddns.com"
        set monitor-interface "wan1" "wan2"
    next
end

V5.0:
Configure DynDNS to include both WAN interfaces, so that the VPN can be accessed by name, at System -> Network -> DNS -> FortiGuard DDNS.

Or by CLI:
 
config system ddns
    edit 1
        set ddns-server FortiGuardDDNS
        set ddns-domain "<name>.fortiddns.com"
        set monitor-interface "wan1" "wan2"
    next
end

Create a firewall policy with the SSL-VPN tunnel interface as the source interface. Configure FortiClient with Remote Gateway: <name>.fortiddns.com.
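
A saved configuration backup can be checked offline to confirm that both settings above cover both WAN links. The Python script below is an added example, not Fortinet code: the function names, the wan1/wan2 defaults and the embedded sample config are constructed for illustration, and it handles only the config/edit/set/next/end structure shown in this article.

```python
import shlex

# Constructed sample mirroring the two CLI blocks in this article
# ("example" stands in for the <name> placeholder).
SAMPLE_CONFIG = """
config vpn ssl settings
    set source-interface "wan1" "wan2"
end
config system ddns
    edit 1
        set ddns-server FortiGuardDDNS
        set ddns-domain "example.fortiddns.com"
        set monitor-interface "wan1" "wan2"
    next
end
"""

def parse_sections(text):
    """Map each top-level 'config <path>' block to a list of {setting: [values]} entries."""
    sections, name, entry, depth = {}, None, {}, 0
    for line in text.splitlines():
        tok = shlex.split(line)
        if not tok:
            continue
        if tok[0] == "config":
            depth += 1
            if depth == 1:
                name, entry = " ".join(tok[1:]), {}
                sections.setdefault(name, [])
        elif tok[0] == "end":
            if depth == 1 and entry:          # flat block without edit/next
                sections[name].append(entry)
            depth = max(depth - 1, 0)
        elif depth == 1 and tok[0] == "edit":
            entry = {}
        elif depth == 1 and tok[0] == "next":
            sections[name].append(entry)
            entry = {}
        elif depth == 1 and tok[0] == "set" and len(tok) > 2:
            entry[tok[1]] = tok[2:]
    return sections

def audit_wan_redundancy(text, wans=("wan1", "wan2")):
    """Return findings; an empty list means both settings cover every WAN link."""
    sections = parse_sections(text)
    listen = {i for e in sections.get("vpn ssl settings", []) for i in e.get("source-interface", [])}
    findings = [f"{w} missing from vpn ssl settings source-interface" for w in wans if w not in listen]
    ddns = sections.get("system ddns", [])
    # Failover by name needs one DDNS entry that monitors every WAN link.
    if not any(set(wans) <= set(e.get("monitor-interface", [])) for e in ddns):
        findings.append("no DDNS entry monitors all of: " + ", ".join(wans))
    return findings

if __name__ == "__main__":
    print(audit_wan_redundancy(SAMPLE_CONFIG) or "both WAN links covered")
```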
 