FORTIGATE REMOTE ACCESS AND MONITORING
Hello everyone, I need help. Let me explain. In the past, the customer had a public IP, and from my office I monitored and had remote access to the FortiGate. Now that has changed: he still has internet but without a public IP. How can I continue to have remote access to the FortiGate and monitor it? Waiting for your help, please 😔😔.
PS: port forwarding is an option, but the ISP doesn't give me this possibility.
Hi,
Actually, you need either public IP or DDNS domain to reach the FortiGate from outside as the user will not be aware of how to reach the FortiGate if the public IP is not known.
Thanks for your reply.
Yeah, without a public IP it is not simple. I thought that with a protocol like L2TP or SSTP I would be able to make it work (client-to-site VPN; I have an SSTP server at my office). Thanks again for your time.
My suggestion is to set up a dial-up IPsec VPN. Let the site without (permanent) public IP dial out to the FGT. Using a VPN is the only safe way to access a FGT for management.
OK ede, but in this case what IP must I use as the remote gateway on FortiClient? Below is an overview of my design: I use one IP of the ISP LAN as the gateway on my FortiGate.
No way, sorry. I imagined that you have a Fortigate externally. Just a FC will not do.
If you have access to the ISP router, you could port forward something onto the FGT WAN port. But if you don't I don't see any way to achieve this.
By the same token, we always use SSL VPN for remote FGT access.
Toshi
Hello Toshi. I don't know if I'm wrong, but to use SSL VPN you must specify a public IP as the remote gateway on FortiClient.
Hey Stoller,
for IPSec or SSLVPN to FortiGate, you will need a public IP or hostname to connect to, if FortiGate should be receiving the connection attempt.
In your case, you would need to set up something on your ISP router (where the actual internet breakout is) to forward connections to a specific port/IP/hostname through to FortiGate, but you mentioned this is not an option, correct?
If you have a different VPN server (with a public IP), FortiGate could initiate a connection to it (as a spoke, essentially), and you could reach FortiGate through that other VPN server.
But:
- either, you must make FortiGate reachable from internet somehow (DDNS, port forwarding)
- or FortiGate must establish a connection to a different VPN gateway to which you can also connect, and reach FortiGate through that
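
The second option in the reply above (FortiGate dials out to a VPN gateway that has a public IP), sketched as FortiOS CLI for the FortiGate behind the ISP NAT. This is an added example, not part of the original thread: the hub address 203.0.113.10, the interface name wan1, the tunnel name, tunnel IPs, admin subnet and PSK are placeholders, the hub is assumed to be an IKEv2 gateway that accepts this peer, and exact options vary by FortiOS version.

```fortios
# Added example; all names, addresses and the PSK are placeholders.
# Spoke side: this FortiGate initiates the tunnel, so it needs no
# inbound reachability (public IP, DDNS or port forward).
config vpn ipsec phase1-interface
    edit "to-hub"
        set interface "wan1"
        set ike-version 2
        set remote-gw 203.0.113.10
        set proposal aes256-sha256
        set dpd on-idle
        set psksecret <PLACEHOLDER-PSK>
    next
end
config vpn ipsec phase2-interface
    edit "to-hub-p2"
        set phase1name "to-hub"
        set proposal aes256-sha256
        # Bring the tunnel up without waiting for traffic from this side.
        set auto-negotiate enable
    next
end
# Address the tunnel interface and allow management on it.
config system interface
    edit "to-hub"
        set ip 10.255.0.2 255.255.255.255
        set remote-ip 10.255.0.1 255.255.255.255
        set allowaccess ping https ssh
    next
end
# Return route to the (assumed) admin subnet behind the hub.
config router static
    edit 0
        set dst 10.10.0.0 255.255.255.0
        set device "to-hub"
    next
end
# Restrict the admin account to that subnet.
config system admin
    edit "admin"
        set trusthost1 10.10.0.0 255.255.255.0
    next
end
```

With the tunnel up, management goes to the tunnel address (10.255.0.2 here) via the hub, which needs a matching route and policy. HTTPS and SSH can then stay disabled in `allowaccess` on the WAN interface.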
Thanks Debbie. For now I am talking with the ISP about port forwarding. But by FortiCloud it's not possible to manage the FortiGate remotely.
