Best choice for Client VPN

systemgeek · ‎03-07-2024

I am running fortigate vm in AWS ver 7.2.4. I am starting to look at setting up client VPNs for our users. After reading the documentation I noticed we could do this in 2 phases. Phase 1 move all existing users to forticlient VPN. Phase 2 move the users to ZTNA.

While going through the SSL-VPN Settings on the Fortigate I see the message "For increased security, scalability, and flexibility, use ZTNA or IPsec VPN as an alternative to SSL-VPN tunnel modes." So does that mean I should be doing IPsec VPNs for normal users rather then using the old SSL-VPN? Are there any gotchas if I do Client IPsec VPN when the fortigate is running in AWS?

AEK · ‎03-07-2024

SSL-VPN is safe as long as you use MFA and keep your FortiGate patch up to date.

AEK

View solution in original post

AEK · ‎03-07-2024

SSL-VPN is safe as long as you use MFA and keep your FortiGate patch up to date.

AEK

systemgeek · ‎03-08-2024

Perfect... I want to do MFA.

One more question. When I am setting up the VPN I have an option for Tunnel Mode Client Settings where its assigning this range: Tunnel users will receive IPs in the range of 10.212.134.200 - 10.212.134.210. Or I can assign my own range. Where is it getting that range from? Can I change that range to match the number of Client licenses I purchased?

AEK · ‎03-08-2024

For sure you can use any private range that is not already used in your network.

AEK

systemgeek · ‎03-08-2024

Do you have any idea how it comes up with that DEFAULT range?

Best choice for Client VPN

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website