I am running fortigate vm in AWS ver 7.2.4. I am starting to look at setting up client VPNs for our users. After reading the documentation I noticed we could do this in 2 phases. Phase 1 move all existing users to forticlient VPN. Phase 2 move the users to ZTNA.
While going through the SSL-VPN Settings on the Fortigate I see the message "For increased security, scalability, and flexibility, use ZTNA or IPsec VPN as an alternative to SSL-VPN tunnel modes." So does that mean I should be doing IPsec VPNs for normal users rather then using the old SSL-VPN? Are there any gotchas if I do Client IPsec VPN when the fortigate is running in AWS?
Solved! Go to Solution.
SSL-VPN is safe as long as you use MFA and keep your FortiGate patch up to date.
SSL-VPN is safe as long as you use MFA and keep your FortiGate patch up to date.
Perfect... I want to do MFA.
One more question. When I am setting up the VPN I have an option for Tunnel Mode Client Settings where its assigning this range: Tunnel users will receive IPs in the range of 10.212.134.200 - 10.212.134.210. Or I can assign my own range. Where is it getting that range from? Can I change that range to match the number of Client licenses I purchased?
For sure you can use any private range that is not already used in your network.
Do you have any idea how it comes up with that DEFAULT range?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1739 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.