Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Remote VPN Issue

Dear Fortigate Forum,


I am having issues connecting to my Fortigate 60F device via VPN. SO my connection is as follows: My ISP provides Mikrotik router and connection has public static IP address. Port 1 on Mikrotik has port forward for ports 500 and 4500 via UDP protocol to address There is NAT rule for network on same port 1. SO I would like to remotely access that site via VPN (SSL or IPSec) but I am not sure how to do it. I tried following many tutorials but connection via forticlient VPN just doesn't work. IS there a chance you guys can give me a hand with this please? I am not sure if WAN 1 needs to be DHCP or Static, and what rules do I have to configure in fortigate..


Your help is much appreciated guys.


In principle, such a setup will work eventually, if the MT is properly understood and configured.

A "dumb" modem without any means for IPsec would be preferable, such that it couldn't interfere.


I would start out by forwarding all stuff to the FGT, not single ports. Sometimes, this is not feasable, but you didn't mention. In the call setup, the FortiClient would start out using protocols ESP and AH, and later switch to UDP. You forward UDP only atm.

If you forward all protocols, you could contact the FGT via ping (allow it on wan1 port).


Then, make sure that the MT does not react to an IPsec request. I'm not proficient with MTs but IPsec should be switchable.


Maybe it would be easier to test for SSLVPN, forwarding port tcp/443 only. Of course, the MT should not care about SSLVPN or HTTPS either. Again, if you only forward one port you cannot use ping.


On the FGT side, use a static IP on it's WAN port, using an IP address within the transfer network. The MT would then forward onto this (static) address. DHCP doesn't really make sense here.



"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"

Hi @Fortiassist,


Is the IP address of the FortiGate? You can follow the article below and make sure your configuration is correct.


You can also follow this article to troubleshoot:



Top Kudoed Authors