Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rbross
New Contributor

IPSec VPN with domains

I successfully have 2 remote sites with Fortigate 30E firewalls connected with each other using an IPSec tunnel.  When I first set it up one of the sites had static IPs and the other used DHCP.   So I had the site that used DHCP establish the tunnel, since it knew what the other end's IP was.

 

However, we moved the office that had static IP and in order to get greater bandwidth at a better price went with DHCP.  So now both sides use DHCP.  Both sites also dynamically update our DNS infrastructure if their IPs change, so their DNS domains are valid and will return valid IPs.

My question is: is there a way to configure the VPN tunnel on both sides to use domain names instead of IP addresses?  As it stands, if there is an outage and the WAN interface gets assigned a different IP, someone will get alerted and will have to manually reconfigure the tunnels.  We used to have Zywalls (the Fortigates are a huge improvement) and although their UI was terrible, they had a lot more granular control of IPSec settings and we were able to use domains instead of IPs.

4 REPLIES 4
rbross
New Contributor

I think I solved it myself, simply changing the remote ID to "Dynamic DNS".  Duh!  How did I miss that?

rwpatterson
Valued Contributor III

LOL! Glad you figured it out.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
rbross

Thing is, I actually used to work for one of the dynamic DNS companies, so I spaced out assumed that was some sort of compatible client to update DNS.  But I should have known since it was under VPN and not WAN interface.

rwpatterson
Valued Contributor III

Old habits die hard...

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors