STOLLERXD
New Contributor II

FORTIGATE REMOTE ACCESS AND MONITORING

Hello everyone, I need help. Let me explain. In the past the customer had a public IP, and from my office I monitored and had remote access to the FortiGate. Now he has changed: he still has internet but without a public IP. How can I continue to have remote access to the FortiGate and monitor it? Waiting for you, please :pensive_face::pensive_face:.

PS: port forwarding is an option; the ISP doesn't give me this possibility.

sharmaj
Staff

Hi,

Actually, you need either a public IP or a DDNS domain to reach the FortiGate from outside, as the user will not be aware of how to reach the FortiGate if the public IP is not known.

Jay sharma
STOLLERXD
New Contributor II

Thanks for your reply.

Yeah, without a public IP it is not simple. I thought that with a protocol like L2TP or SSTP I would be able to do it (client-to-site VPN; I have an SSTP server at my office). Thanks again for your time.

ede_pfau
SuperUser

My suggestion is to set up a dial-up IPsec VPN. Let the site without (permanent) public IP dial out to the FGT. Using a VPN is the only safe way to access a FGT for management.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
STOLLERXD
New Contributor II

OK Ede, but in this case what IP must I use as the remote gateway on FortiClient? Below is an overview of my design; I use one IP of the ISP LAN as the gateway on my FortiGate.

[Image: STOLLERXD_0-1647508812639.png]

ede_pfau

No way, sorry. I imagined that you have a Fortigate externally. Just a FC will not do.

If you have access to the ISP router, you could port forward something onto the FGT WAN port. But if you don't, I don't see any way to achieve this.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Toshi_Esumi
SuperUser

By the same token, we always use SSL VPN for remote FGT access.

 

Toshi

STOLLERXD

Hello Toshi. I don't know if I'm wrong, but to use SSL VPN you must specify a public IP as the remote gateway on FortiClient.

Debbie_FTNT

Hey Stoller,

for IPSec or SSLVPN to FortiGate, you will need a public IP or hostname to connect to, if FortiGate should be receiving the connection attempt.

In your case, you would need to set up something on your ISP router (where the actual internet breakout is) to forward connections to a specific port/IP/hostname through to FortiGate, but you mentioned this is not an option, correct?

If you have a different VPN server (with a public IP), FortiGate could initiate a connection to it (as a spoke, essentially), and you could reach FortiGate through that other VPN server.

But:
- either, you must make FortiGate reachable from internet somehow (DDNS, port forwarding)
- or FortiGate must establish a connection to a different VPN gateway to which you can also connect, and reach FortiGate through that

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
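
The outbound "spoke" arrangement described in the reply above (and the dial-up IPsec idea raised earlier in the thread), written out as an added FortiOS CLI example; it is not part of any post here and not Fortinet's own configuration. It assumes a gateway with a public IP at the office that accepts IKEv2 dial-up IPsec; the hub address, interface names, tunnel addresses and key placeholder are all constructed.

```fortios
# Added example: the remote-site FortiGate dials out, so nothing has to listen on its WAN side.
# Assumed/constructed values: hub 203.0.113.10, ports "wan1" and "internal",
# tunnel IPs 10.255.0.1 (hub) and 10.255.0.2 (this unit), admin account "admin".
config vpn ipsec phase1-interface
    edit "mgmt-hub"
        set interface "wan1"
        set ike-version 2
        set remote-gw 203.0.113.10
        set proposal aes256-sha256
        set nattraversal enable
        set dpd on-idle
        set psksecret <PRE-SHARED-KEY-PLACEHOLDER>
    next
end
# auto-negotiate makes this side bring the tunnel up itself and re-establish it after a drop.
config vpn ipsec phase2-interface
    edit "mgmt-hub-p2"
        set phase1name "mgmt-hub"
        set proposal aes256-sha256
        set auto-negotiate enable
    next
end
# Management services are enabled on the tunnel interface only, not on wan1.
config system interface
    edit "mgmt-hub"
        set ip 10.255.0.2 255.255.255.255
        set remote-ip 10.255.0.1 255.255.255.255
        set allowaccess ping https ssh
    next
end
# The tunnel interface has to be referenced by a firewall policy before the tunnel comes up.
config firewall policy
    edit 0
        set name "mgmt-in"
        set srcintf "mgmt-hub"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "PING"
    next
end
# Limit admin logins to the hub side; add trusthostN entries for local admin subnets first.
config system admin
    edit "admin"
        set trusthost1 10.255.0.1 255.255.255.255
    next
end
```

Once the tunnel is up, the FortiGate is managed at 10.255.0.2 from behind the hub, and the ISP router needs no port forwarding because the session is initiated outbound.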
STOLLERXD

Thanks Debbie. For now I am talking with the ISP about port forwarding. But via FortiCloud it's not possible to manage the FortiGate remotely
