Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ba11
New Contributor

Multiple VRF Aware Remote Access SSL VPN Tunnels - Fortigate

Hello 

 

Please can you let me know if it is possible to create multiple remote access SSL VPN Tunnels (vrf aware). I have two LAN interfaces (subnet overlap) in separate VRFs. I want 2 ssl.root interfaces so that I can add VRF information. 

 

Is this supported ?

 

Thanks

1 Solution
tpatel
Staff
Staff

Hello, 

We cannot create multiple ssl.root interface on fortigate or in single vdom. Even if we select multiple physicals interface in ssl vpn setting still it shows only on ssl.root interface.

View solution in original post

3 REPLIES 3
tpatel
Staff
Staff

Hello, 

We cannot create multiple ssl.root interface on fortigate or in single vdom. Even if we select multiple physicals interface in ssl vpn setting still it shows only on ssl.root interface.

amrit
Staff
Staff

I don't think it is possible to create two ssl.root interfaces in the same vdom. Also for VRF support in the SSLVPN, all the interfaces should belong to the same vrf. So this will not work for multi-VRF: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Implementing-VRF-based-SSL-VPNs/ta-p/21361...

So one solution is multivdom setup

Why do you have the same subnets in different VRFs?

 

Amritpal Singh
ba11
New Contributor

Hello 

 

Thanks for your response. There was a subnet overlap during migration within a brownfield environment. Hopefully over time dedicated subnets would be assigned. 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors