Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mhanna
New Contributor II

Created on ‎11-28-2022 10:34 AM

SSL VPN Site-to-Site

Hello All

Kindly i tried to configure SSL Site to Site between two firewall but unfortunatelly the guide cant help me especially on certificate point

I created PKI user with its certificate but face issue in Server Certificate and Client certificate So appreciated any one an sent me a guide to proceed this point step by step or advice me how can do this configuration

Thanks

 

Labels:
2105
0 Kudos
6 REPLIES 6
lmarinovic
Staff
Staff

Created on ‎11-30-2022 06:58 AM

Hello,

 

You probably mean IPsec VPN? There is this document on how to configure the Site-to-site VPN with digital certificate:

https://docs.fortinet.com/document/fortigate/7.2.0/administration-guide/344213/site-to-site-vpn-with...

 

Hope it helps.

 

Best regards,

 

Lazar

 

 

Best regards

Lazar Marinovic
2079
gfleming
Staff
Staff

Created on ‎11-30-2022 08:38 AM

Are you actually intending to create an SSL VPN site-to-site tunnel? Can you not use IPSec? It will be easier...

 

If you need SSL-VPN follow these docs: https://docs.fortinet.com/document/fortigate/7.0.0/new-features/508779/fortigate-as-ssl-vpn-client

 

For Certificates you need a CA cert (can be your existing AD PKI or create a basic one using OpenSSL or something) and then sign some certs for the users and import those.

Cheers,
Graham
2074
0 Kudos
mhanna
New Contributor II
In response to gfleming

Created on ‎12-14-2022 01:19 AM

Thanks for your reply

Actually i followed SSL-VPN follow these docs and i create certificate from fortiAuthenticator but i need to know which certificate should be choose on Server certificate and on client certificateclient certificate.pngServer Certificate.png

2012
0 Kudos
lmarinovic
Staff
Staff
In response to mhanna

Created on ‎12-14-2022 04:00 AM

Hi,

 

If you created the certificate from FortiAuthneticator as server certificate then you will need to select that one. You will also need to upload CA certificate from FortiAuthneticator to both FortiGates then.  From the client side you will choose that FortiAuthenticator CA in PKI user in CA filed.

 

Best regards,

 

Lazar

Best regards

Lazar Marinovic
2008
0 Kudos
mhanna
New Contributor II
In response to lmarinovic

Created on ‎12-14-2022 05:48 AM

Hi

Thanks for your reply

When i upload the certificate to both devices ,I can see the certificate on PKI user but when i go to choose Server certificate on device i didn't find the certificate which created on Forti-Authenticator and only see 'Fortinet_Factory' or 'Fortinet_Factory_Backup' and this is the issue why i didn't see the certificate created on this tab,i only see the created certificate on PKI user tab

Appreciate your support

1994
0 Kudos
mhanna
New Contributor II
In response to lmarinovic

Created on ‎12-15-2022 12:52 AM

Hello 

If you have any video for this configuration ,i will be appreciated if you share with me

1978
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.