Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ggntt
Contributor

SSL VPN (DDNS) Fortigate HA Cluster

Hi all Just wondering if anyone has any ideas on how to setup remote access SSL VPN so its not fixed to a single IP address. I want to avoid giving remote users two VPN profiles. We have 2 FG units in a cluster, we also have 2 x WAN service providers. So the goal is as follows: Setup and configure SSL VPN on e.g WAN 1 Should that service provider fail connected SSL VPN users will disconnect. (thats fine) However, when they try to reconnect they automatically get pointed to the second provider on WAN 2. If we setup a public DNS A record with two IP entries will that work ? Or can we take advantage of the DDNS function on the FG in anyway ? Thanks greg
3 REPLIES 3
ggntt
Contributor

just wondering if anyone has tried a public DNS monitoring service that basically checks if the IP address / wan interface is up and auto fails over to the second ip if the first one stops responding ?
ede_pfau
SuperUser
SuperUser

Ideas for your first post (I didn' t understand the second): The Proper Way would be to obtain a provider independent public IP address which will be routed by both ISPs. Needless to say, this might cost a bit. Alternatively, you could set up the second WAN line to be backup only. Using v5.2 Virtual WAN link, or a combo of 2 non-equal default routes and Dead Gateway Detection on older versions you' d set up the links such that only one will be up at all times. Both links need a dynDNS setup (which must point to the same DDNS name of course). If you invest ~ 20 US-$ per year for a commercial DDNS you can obtain failover times in the range of 1-2 minutes. That should keep your users happy.
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
netmin
Contributor II

Have you already tried the priority based SSL VPN configuration, mentioned in the FortiClient admin guide?
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors