I am not permitted to access my data center from outside the country, but I can use my Fortigate with Forticlient IPSEC to access a machine inside my LAN and then RDP to servers in the data center. Is it possible to configure the Fortigate itself to do Windows Remote Desktop Connections using the LAN IPs? That would eliminate the need to rely on any LAN machines being up.
Thanks,
Ben
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I Think you cannot do that directly. However you could do VIP to access it via WAN Interface. BUt that's highly insecure and not recommended here. As you said you can do VPN to your FortiGate. In that case all you need is split tunneling (otherweise ALL your traffic will go over the VPN) and some policy that allows rdp from vpn to the server(s).
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
@ben
Good day.
Since you are connected to IPSEC dialup remote VPN, you can directly RDP to your Server from external computer. All you need to do is make sure that you have firewall policy and correct routing on Fortigate and on your Server.
Network / Flow:
VPN Client >> IPSEC remote VPN >> Fortigate >> LAN >> Server
Firewall Policy:
Source Interface : IPSEC remote VPN
Destination Interface : LAN
Source IP : Remote VPN subnet
Destination : Server IP
Service : ALL (or specific RDP)
NAT : ** depending on your routing. If the server only knows about the LAN network, you need to enable it. If it have routing towards your VPN subnet, it can be disable
Thanks guys, I will experiment with this.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1731 | |
1098 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.