Hi:
We have a problem with a customer who has a fibre line which is not working because of flooding in his town :(. We could provide him some basic internet connection with a 4G router (40MB up/down) and it works OK.
Problem is that another branch has to connecto via VPN to them to work with the ERP, so we need the VPN connection.
We configured the DMZ functionality in the 4G router and we have NAT to the FG. We are unable to connect from outside to the IP (whatismyip.com). Also with the FortiDDNS we cant connect from outside. We disables the firewall functionality from the 4G Router but again no chance to connect, so we dont know if the DMZ function works or if the IP is not correct (maybe the 4G provider routes the traffic and there is no chance to get a real IP to connect).
The VPN we tried first with agressive mode chaning both sides. The VPN goes UP but there is no incomming data on the Forti behind the 4G Router. We see outgoing traffic from the other Forti.
Than we tried main mode with the IP we got from the WAN on the FG but with the same result.
So basically we dont know if the problem is that this is not the real IP or if the DMZ of the 4G router is not working.
Any ideas or suggestions?
Thanks!
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Most probably the 4G router doesn't have a public IP and the traffic will end up double NATed. If the branch that has a stable connection has a public IP on the FGT you may try to build a dial up VPN from HQ to the branch. FGT on HQ being the dialup client.
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/6896/fortigate-as-dialup-client
Hello,
We have the same probleme in our company. we have FW fortinet and a 4G network (IP not fix).
Is there a solution for setup a vpn ? we have time clocks to connect remotely and on the cloud ?
Thanks in advance.
If one of the sites (HQ) has a fixed public IP (or fixed IP in the private 4G network) than the other FWs can build a VPN even if they are behind NAT as long as they are able to reach it.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1547 | |
1031 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.