Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Ahslan
New Contributor III

Anybody connect their Fortigate to a VPN service?

Curious to see if anybody has configured their Fortigate to use a VPN service such as PIA, NordVPN or any of the million other ones that exist. I currently use pfsense at home due to it being able to use OpenVPN however I would love to switch to using my 60E if I can find a provider that supports the device.

 

Thanks in advance!

 

 

6 REPLIES 6
emnoc
Esteemed Contributor III

if you  asking can a FORTIGATE  act as a vpn_client, than the answer is no it can not. I'm not aware  of the  fortigate appliance acting like a ipsec or sslvpn client.

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
ThunderSpartan

Sounds like you may mean a “site to site” VPN and yes, the Fortigate can do site to site IPSec, we run it from our FG80D to Amazon web service VPN. GL IT
emnoc
Esteemed Contributor III

I have to disagree, he mention the following;

 

 

such as PIA, NordVPN

 

These are private internet  anonymous vpn  solution akai  dialup vpn-servers solution. A fortigate is not vpn-client 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Ahslan
New Contributor III

Yeah, was talking about it being a VPN client. Definitely sad to hear :'(

 

I'm aware of it being able to be used for site to site as I currently already used several fortigates to connect to Azure.

Cyrez00
New Contributor

Hi Ashlan,

 

Late reply but maybe you are still looking for it and otherwise i might help someone else with it.

 

Yes it is possible to use a Fortigate as a VPN client, took me a long while to figure out there i'm relatively new to the Fortigate world but helped my learning curve greatly!

 

I have it working with NordVPN.

 

On the website of Nordvpn there is a description on how to setup an L2TP connection initiated from you WAN interface.

This procedure works but then you will run into speed limitation of the L2TP setup.

 

What i did is setup the L2TP client according to their instructions but skip the routing part at the end.

Under routing monitoring you can see that the default route changed to a 10.x.x.x address as next-hop.

If you do not see the 10.x.x.x address as next-hop you will need to remove a static route (you'll recognise the one if you see it)

Your traffic is now VPN'ed.

 

I then changed the Administrative Distance of my normal static default route to 1, this causes your traffic to flow back over your normal internet connection.

 

I then created a policy based route to direct specific traffic towards the VPN tunnel by specifying the 10.x.x.x address you found earlier under Monitoring -> Routing

 

I simply created a separate SSID here with its own VLAN and gave that its interface on the FG (DHCP etc.).

So when i connect to that SSID the traffic will be redirected towards the VPN tunnel.

We just use it for unlocking the Netflix region filter but the policy based route can of course be tuned to redirect anything you want.

 

Works like a charm!

 

If you would like more help on this just reach out.

 

Regards,

Cy.

 

 

emnoc
Esteemed Contributor III

Again, a fortigate can not act like a vpn client . If your referring to  this link

https://nordvpn.com/tutorials/fortinet-fortigate/l2tp/

 

Even nord tells you this is NOT a vpn as in your  traffic is not  encrypted. This a L2TP client access which is not a VPN.

 

[link]https://forum.fortinet.com/tm.aspx?m=98720[/link]

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors