Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
MustphaBassim
New Contributor II

SSL VPN dual interface

Hello all

I hope you are fine and safe .

 

I have two different public IPs from ISP I want to setup SSL vpn on both IPs on the device the default route is now going to ISP one take in mind there is policy route for network towards ISP two for some of users so how could make the device response from ISP Two interface and ISP one interface for SSL VPN

 

Bests

1 Solution
aahmadzada

Hi MustphaBassim,

 

In order to make it work be sure to configure:
1. Two equal default routes via ISP1 and ISP2
2. Enable preserve-session-route option on both wan interfaces: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enabling-the-preserve-session-route/ta-p/1...

 

Once it is done, you`ll be able to connect to the sslvpn via both wan interface and you`ll be sure that the session traffic that was established via wan1 will not be routed via wan2 and vice versa.

 

Ahmad

View solution in original post

4 REPLIES 4
vsahu
Staff
Staff

Hello,

How you've configured the two IPs? they are on the same Interface (using secondary configuration)? or both are using different Interfaces? 

To configure the VPN just add the respected Interface in the SSL VPN Configuration,

>> If you've configured secondary IP you've to call the single Interface 
Single Interface.PNG

 

>> If you're using Multiple Interfaces call both the Interface in the SSL VPN configuration
Multiple Interface.PNG

 

>> After that configure the respected Portal and map with the user, create the route and policy SSL VPN will work.

Vsahu
MustphaBassim
New Contributor II

Hello dear thnx for reply but the problem as I see is the firewall is re route the traffic comming from ISP 2 towards ISP 1 which cause the issue

aahmadzada

Hi MustphaBassim,

 

In order to make it work be sure to configure:
1. Two equal default routes via ISP1 and ISP2
2. Enable preserve-session-route option on both wan interfaces: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enabling-the-preserve-session-route/ta-p/1...

 

Once it is done, you`ll be able to connect to the sslvpn via both wan interface and you`ll be sure that the session traffic that was established via wan1 will not be routed via wan2 and vice versa.

 

Ahmad

MustphaBassim

thnx very much it's worked with me