Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
kpatio
New Contributor II

Issues with activating proxy mode in Cloudflare to hide WAN IP of FortiGate

Hello community,

I need help hiding the WAN IP of my FortiGate, using proxy services like Cloudflare. I have currently set up my FortiGate with a subdomain (mifirewall.mypage.com) and an SSL certificate from Let's Encrypt, which works perfectly in DNS mode with Cloudflare. However, when I switch to proxy mode to enhance security and hide the IP, the system stops functioning as expected.

Additionally, this configuration with Cloudflare is used not only for managing the device but also as the address for SSL VPN clients. This makes it crucial to maintain constant functionality and accessibility through Cloudflare.

Has anyone faced a similar problem when activating proxy mode in Cloudflare? How did you resolve it? I am particularly interested in knowing if there are specific configurations or adjustments I could apply to solve this issue.

Thank you for your time and assistance.

1 Solution
ozkanaltas
Valued Contributor II

Hello @kpatio ,

 

In my opinion, this is not possible, especially the ssl-vpn part. But if you want to use proxy mode for Admin GUI access. You need to deploy the CloudFlare certificate to Fortigate. Because I remembered Cloudflare worked like that. 

 

I found a topic about that. Fortinet staff says you need a different solution for that request. You can review this topic. 

 

https://community.fortinet.com/t5/Support-Forum/Fortigate-SSL-VPN-Client-Unable-to-Maintain-Connecti...

 

 

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW

View solution in original post

If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
1 REPLY 1
ozkanaltas
Valued Contributor II

Hello @kpatio ,

 

In my opinion, this is not possible, especially the ssl-vpn part. But if you want to use proxy mode for Admin GUI access. You need to deploy the CloudFlare certificate to Fortigate. Because I remembered Cloudflare worked like that. 

 

I found a topic about that. Fortinet staff says you need a different solution for that request. You can review this topic. 

 

https://community.fortinet.com/t5/Support-Forum/Fortigate-SSL-VPN-Client-Unable-to-Maintain-Connecti...

 

 

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors