Hello everyone, I need help. Let me explain. In the past, the customer had a public IP, and from my office I monitored and had remote access to the FortiGate. Now that has changed: he always has internet but without a public IP. How can I continue to have remote access to the FortiGate and monitor it? Waiting for you, please :pensive_face::pensive_face:.
PS: port forwarding is an option, but the ISP doesn't give me this possibility.
Hi,
Actually, you need either a public IP or a DDNS domain to reach the FortiGate from outside, as the user will not be aware of how to reach the FortiGate if the public IP is not known.
Thanks for your reply.
Yeah, without a public IP it is not simple. I thought that with a protocol like L2TP or SSTP I would be able to make a client-to-site VPN (I have an SSTP server at my office). Thanks again for your time.
My suggestion is to set up a dial-up IPsec VPN. Let the site without (permanent) public IP dial out to the FGT. Using a VPN is the only safe way to access a FGT for management.
OK ede, but in this case what IP must I use as the remote gateway in FortiClient? Below is an overview of my design; I use one IP of the ISP LAN as the gateway on my FortiGate.
No way, sorry. I imagined that you have a Fortigate externally. Just a FC will not do.
If you have access to the ISP router, you could port forward something onto the FGT WAN port. But if you don't, I don't see any way to achieve this.
By the same token, we always use SSL VPN for remote FGT access.
Toshi
Hello Toshi. I don't know if I'm wrong, but to use SSL VPN you must specify a public IP as the remote gateway in FortiClient.
Hey Stoller,
for IPSec or SSLVPN to FortiGate, you will need a public IP or hostname to connect to, if FortiGate should be receiving the connection attempt.
In your case, you would need to set up something on your ISP router (where the actual internet breakout is) to forward connections to a specific port/IP/hostname through to FortiGate, but you mentioned this is not an option, correct?
If you have a different VPN server (with a public IP), FortiGate could initiate a connection to it (as a spoke, essentially), and you could reach FortiGate through that other VPN server.
But:
- either, you must make FortiGate reachable from internet somehow (DDNS, port forwarding)
- or FortiGate must establish a connection to a different VPN gateway to which you can also connect, and reach FortiGate through that
Thanks Debbie. For now I'm talking with the ISP about port forwarding. But by FortiCloud it's not possible to manage the FortiGate remotely.
Copyright 2024 Fortinet, Inc. All Rights Reserved.