Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
TryNewThings
New Contributor

Layer 2 Device Hosting a VPN to provide Remote Fortigate

Hello There,

 

I have a use case whereby we dont have access to the layer 3 device to provision an IPSec connection. Furthermore, the network is managed by a third party, so we cant migrate the LAN to a new Router/Firewall.

 

This means our only option to gain access to the client devices on the network is via VPN software/hardware tool which is installed as a layer 2 device. This could be Rasberry Pi, Windows Server, Windows 10, Linux etc.

 

TryNewThings_0-1645091721858.png

 

The only Layer 2 Device solution im aware of is the Windows Routing and Remote Access (RRAS)

 

However, I dont beleive the FortiGate can connect to a SSTP VPN?

 

Any clever solutions welcome :)

 

Thank you in advance.

 

1 REPLY 1
Markus_M
Staff
Staff

Hey,

 

you will likely need to know first how either of the two endpoints can contact each other.

Otherwise accessing a stranger network would be rather inseucre.

 

If you cannot manage the firewall in between you likely cannot do a port forward to the raspi.

You could however use strongswan/libreswan for example to connect to the known IP address of the FGT with a dialup VPN. So connect from inside the network to the firewall.

 

Example:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-LibreSwan-for-a-site-to-site-IPSec-t...

 

Best regards,

 

Markus

Top Kudoed Authors