Hi everybody
I have a Fortigate 40F that answer to an A record DNS of my domain "fortigate.example.com". Inside the local network I have a WEB server that I need for work, another A record that point to the same public IP address that answer to api.example.com.
I have setup the virtual server that answer to the different name and I can find both, but the problem is with the certificate. With the different name I can bypass the double 80 and 443 port, but the proxy offload the SSL certificate of the fortigate to the web server and navigating to the web site I get an error couse the site api.example.com have the certificate of fortigate.example.com.
I have search online but seems it's not possible to disable the certificate offload and the SO of the fortigate doesn't support the wildcard of let's Encrypt.
Someone have an idea how to solve? I'm quite new with fortigate so please if you have a solution explain it like I am an idiot :p
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello Canapia,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hello Canapia,
We are still looking for someone to help you.
We will come back to you ASAP.
Regards.
Hello Canapia,
Could you please contact our support via https://support.fortinet.com/welcome/#/
Regards,
Can you just confirm so I can be sure I understand you, you want to be able to reach the FortiGate on HTTPS (Web VPN, admin GUI, etc) using a hostname that points to its public IP address.
And you want to create a VIP with a web server behind it that is using another hostname but using the same IP address as the FortiGate WAN?
Yes this is possible! However, you need to understand that you'll need to use different ports if you want to share the same IP and port for two different servers.
Your FortiGate and Web Server are two different servers sharing the same IP address.
If you can't use a non-standard port for either the FortiGate or the Web Server, you could possibly look to using the Web Server to do some redirection for you based on the hostname. I.e. the web server could handle all port 443 connections and anything for Fortigate.example.com would get sent back to the FortiGate.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1665 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.