Created on 02-05-2024 12:44 AM Edited on 02-26-2024 03:19 AM By Kate_M
Does anybody know if the VPN SSL can be set up in a FortiGate that is running 7.4 with an evaluation licence?
This is the error that I am getting:
unable to establish the vpn connection, The VPN server is unreachable or your identity certificat is not trusted (-5)
Thanks in advance..
Hello Rogermijares,
Enable the following debug on FGT to investigate:
diag debug console timestamp enable
diag debug app fnbamd -1
diag debug app sslvpn -1
diag debug enable
BR
Additionally, review the following articles:
https://docs.fortinet.com/document/fortigate/6.0.0/handbook/943479/certificate-based-authentication
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-solve-The-server-you-want-to-connec...
If you're talking about the unlicensed VM that anyone can download and run:
In theory: Yes.
In practice: No, almost impossible.
Unlicensed VMs have significant restrictions on which crypto algorithms they allow, which makes most cryptography-utilizing features unusable. SSL-VPN specifically will offer only bad and outdated algorithms during the handshake, which will be rejected by any modern client. If you can convince/reconfigure your client to negotiate these outdated ciphers, it should work. (This is the "in theory" answer.)
------
If, on the other hand, you meant a fully functional evaluation license (a proper VM license just like any other, except time limited to permanently expire somewhere between a month and a year), then those should work just fine (no crypto limitations). In this case you should follow up with troubleshooting as outlined by @ndumaj.
I am using the VM evaluation licence which doesn't expire. This is for a home lab and I want to learn the product, but if I can't set up a simple VPN server this licence is rubbish. I am better off with Sophos, I reckon.....
Unfortunately, VPNs are the two features most impacted in trial VMs. :(
If you have some contacts via your employment, you could try obtaining the full evaluation license. A used hardware FortiGate is another option, as these don't have crypto restrictions, even with expired support contracts. Alternatively, if your aim is trying out VPNs in general, FortiClient should let you easily set crypto settings for IPsec that will be compatible with a trial VPN.