Dear Fortigate Forum,
I am having issues connecting to my FortiGate 60F device via VPN. So my connection is as follows: My ISP provides a Mikrotik router, and the connection has a public static IP address. Port 1 on the Mikrotik has a port forward for ports 500 and 4500 via UDP protocol to address 172.16.105.5. There is a NAT rule for network 172.16.105.0/29 on the same port 1. So I would like to remotely access that site via VPN (SSL or IPSec) but I am not sure how to do it. I tried following many tutorials but the connection via FortiClient VPN just doesn't work. Is there a chance you guys can give me a hand with this please? I am not sure if WAN 1 needs to be DHCP or Static, and what rules I have to configure in the FortiGate.
Your help is much appreciated guys.
In principle, such a setup will work eventually, if the MT is properly understood and configured.
A "dumb" modem without any means for IPsec would be preferable, such that it couldn't interfere.
I would start out by forwarding all stuff to the FGT, not single ports. Sometimes, this is not feasible, but you didn't mention. In the call setup, the FortiClient would start out using protocols ESP and AH, and later switch to UDP. You forward UDP only atm.
If you forward all protocols, you could contact the FGT via ping (allow it on wan1 port).
Then, make sure that the MT does not react to an IPsec request. I'm not proficient with MTs but IPsec should be switchable.
Maybe it would be easier to test for SSLVPN, forwarding port tcp/443 only. Of course, the MT should not care about SSLVPN or HTTPS either. Again, if you only forward one port you cannot use ping.
On the FGT side, use a static IP on its WAN port, using an IP address within the transfer network. The MT would then forward onto this (static) address. DHCP doesn't really make sense here.
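A FortiOS CLI sketch of the static-WAN advice in the reply above, added here as an example; it is not part of the original posts or taken from Fortinet documentation. It assumes 172.16.105.5 (the forward target named in the question) is the FortiGate's wan1 address, which the thread does not confirm, and `<MT_LAN_IP>` is a placeholder for the Mikrotik's address inside 172.16.105.0/29, which the page does not give.

```text
# Static address on wan1 inside the 172.16.105.0/29 transfer network.
# 255.255.255.248 is the /29 mask; 172.16.105.5 is the address the
# Mikrotik forwards to (assumed to be the FortiGate).
config system interface
    edit "wan1"
        set mode static
        set ip 172.16.105.5 255.255.255.248
        # Ping only, for reachability tests while the Mikrotik forwards
        # all protocols. No https/ssh administrative access is enabled
        # on the Internet-facing side.
        set allowaccess ping
    next
end

# Default route back out through the Mikrotik.
# <MT_LAN_IP> is a placeholder; replace it with the Mikrotik's own
# address in the transfer network.
config router static
    edit 1
        set dst 0.0.0.0 0.0.0.0
        set gateway <MT_LAN_IP>
        set device "wan1"
    next
end
```

Once the tunnel works, `set allowaccess ping` can be removed from wan1 again so the interface answers nothing but the VPN traffic.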
Hi @Fortiassist,
Is 172.16.105.5 the IP address of the FortiGate? You can follow the article below and make sure your configuration is correct.
You can also follow this article to troubleshoot: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-SSL-VPN-Troubleshooting/ta-p/189542
Regards,
Copyright 2024 Fortinet, Inc. All Rights Reserved.