Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
papapuff
New Contributor II

Help - make VPN SSL accessible from another WAN

Hi there,

need help please.

we using FG60D with firmware 5.6.2 we've setup VPNSSL with listening from WAN2.

vpn ssl can be accessed from outside network (network with no connection to fortigate).

vpnssl created for connect LAN (using interface port 1).

 

how to make vpn ssl also accessible from WAN1.

user connect internet from WAN1, but when needed, user can access vpnssl to connect LAN.

 

special note:

generally, user who connect internet, don't have access LAN, that's why we don't create policy between WAN1 and LAN (Poirt 1)

 

need help please

 

 

 

6 REPLIES 6
Fullmoon
Contributor III

if you havent seen these links, then cookbook is your friend.

http://cookbook.fortinet.com/ssl-vpn-using-web-and-tunnel-mode-54/

http://cookbook.fortinet.com/ssl-vpn-for-remote-users/

 

Fortigate Newbie

Fortigate Newbie
papapuff
New Contributor II

yes, already read.but no solution there.thank you

daniel_azeredo

Hi, 

 

Do you have public IP on you both wan interfaces?

 

If yes, you need add the wan 1 in 'listen on interface' in SSL-VPN Settings too, then you go to  ipv4 policy and create a policy from SSL-VPN tunnel interface to your lan interface, so that you ca use boths wan interfaces as VPN SSL.

 

 

 

papapuff

hi Daniel,

 

thanks for reply.

 

if I add wan1 on listening interface, then client setting must be set to IP public WAN1.

let say ip wan1 1.1.1.1

then on client site, server must be direct to "https://1.1.1.1:<port no.>

 

am I correct?

 

daniel_azeredo

Hi papapuff,

 

You are correct! you can use either wan1 IP or wan2 Ip on the broswer like you said, https://wan1ip:port or https://wan2ip:port. Do not forget create a firewall policy from SSL TUNNEL inteface to your lan and apply the user group in ssl settings and the vpn ssl firewall policy.

 

 

Arkady_K

Hello,

I know the post is pretty old.

I want to implement a same. I have VPN SSL running on wan2 already few years. Now I decided to create additional VPN interface on wan1.

I added wan1 in SSL-VPN Settings - Listen on Interface. Unfortunately it not enough. Using same user name I can connect to existing wan2, but not to wan1.

My software version is v6.0.3 on FortiWiFi 60D.

What I am missing?

Thank you in advance.

Labels
Top Kudoed Authors