Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
SteveTheITDude
New Contributor

Fortigate v7.2.1 - Used for VPN Only (No WAN Interface)

I'm currently demoing Fortigate v7.2.1 as a HyperV VM to replace our current SSL-VPN solution. At the moment, the Fortigate VM is only being used for SSL-VPN and not as our firewall appliance so there is no WAN interface connected. I've followed the Fortigate Cookbook for SSL-VPN (Cookbook | FortiGate / FortiOS 6.0.0 | Fortinet Documentation Library) but my SSL VPN web interface is not coming up.

 

When I attempt to connect to the local IP for the SSL VPN I'm getting "The connection for this site is not secure. 172.16.0.5 used an unsupported protocol; ERR_SSL_VERSION_OR_CIPHER_MISMATCH. The client and server dont support a common SSL protocol version or cipher suite"

 

NOTE: I am running my https admin interface on port 4443 and the SSL-VPN on port 443

 

Being new to Fortigate and only running a trial license I'm at a loss. Is it possible to run Fortigate for just an SSL-VPN appliance only?

 

Fortigate_5.png

 

Fortigate_4.pngFortigate_3.pngFortigate_2.pngFortigate_1.png

1 Solution
SteveTheITDude
New Contributor

Hi Anthony,

 

Thanks for checking into this but I have found the answer. I reached out to the Account Manager I have been speaking with and they ended up asking one of the engineers. It turns out when using the trial license the encryption level is limited:

 

"..only DES encryption is allowed (except for management, in which full encryption is enabled), meaning that SSL VPN is not possible, but IPSEC VPN with DES is still possible for testing purposes."

View solution in original post

3 REPLIES 3
Anthony_E
Community Manager
Community Manager

Hello Steve,

 

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

 

Regards,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager
Community Manager

Hello,

 

We are still looking for an answer to your question.

We will come back to you as soon as we get it.

 

Regards,

Anthony-Fortinet Community Team.
SteveTheITDude
New Contributor

Hi Anthony,

 

Thanks for checking into this but I have found the answer. I reached out to the Account Manager I have been speaking with and they ended up asking one of the engineers. It turns out when using the trial license the encryption level is limited:

 

"..only DES encryption is allowed (except for management, in which full encryption is enabled), meaning that SSL VPN is not possible, but IPSEC VPN with DES is still possible for testing purposes."

Labels
Top Kudoed Authors