Probably a dumb question, use Fortigate Client and Fortigate to RDP back out to WAN Windows Server

ben · ‎06-13-2024

I am not permitted to access my data center from outside the country, but I can use my Fortigate with Forticlient IPSEC to access a machine inside my LAN and then RDP to servers in the data center. Is it possible to configure the Fortigate itself to do Windows Remote Desktop Connections using the LAN IPs? That would eliminate the need to rely on any LAN machines being up.

Thanks,

Ben

sw2090 · ‎06-13-2024

I Think you cannot do that directly. However you could do VIP to access it via WAN Interface. BUt that's highly insecure and not recommended here. As you said you can do VPN to your FortiGate. In that case all you need is split tunneling (otherweise ALL your traffic will go over the VPN) and some policy that allows rdp from vpn to the server(s).

--

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

adimailig · ‎06-13-2024

@ben

Good day.

Since you are connected to IPSEC dialup remote VPN, you can directly RDP to your Server from external computer. All you need to do is make sure that you have firewall policy and correct routing on Fortigate and on your Server.

Network / Flow:
VPN Client >> IPSEC remote VPN >> Fortigate >> LAN >> Server

Firewall Policy:

Source Interface : IPSEC remote VPN
Destination Interface : LAN
Source IP : Remote VPN subnet
Destination : Server IP
Service : ALL (or specific RDP)
NAT : ** depending on your routing. If the server only knows about the LAN network, you need to enable it. If it have routing towards your VPN subnet, it can be disable

Best Regards,

Arnold Dimailig
TAC Engineer

ben · ‎06-16-2024

Thanks guys, I will experiment with this.

Ben

Probably a dumb question, use Fortigate Client and Fortigate to RDP back out to WAN Windows Server

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website