Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
sanderl
New Contributor III

Created on ‎06-09-2020 01:41 PM Edited on ‎02-15-2024 04:33 AM

SSL VPN behind Nginx Proxy Manager

Is it possible to. Open 443 on an ip adress through a fortigate (yes :-)) to an nginx server. To then have that nginx server serving several urls and lets encrypt to a webserver(s). And then the magic: to have a url eg. vpn.domain.com serving back to (the internal?) interface of the fortigate. The is only 1 internet ip adress avaliable on the fortigate. And ofcourse port 80 is also forwarded to the nginx in order to renew letsencrypt. Any tips welcome. Thanks.

Labels:
11613
0 Kudos
12 REPLIES 12
emnoc
Esteemed Contributor III
In response to poundy

Created on ‎07-07-2020 03:17 PM

If KPN is blocking you  , you need to ask them why? I never heard of a mobile operator filtering traffic but this is the ducth so who really knows ;)

 

Did you happen to test from another device that was not attached to KPN?

 

Ken Felix

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
884
0 Kudos
emnoc
Esteemed Contributor III
In response to poundy

Created on ‎07-07-2020 03:19 PM

 

 (because honestly, blocking ports is so 1990's) 

 

This is so true,  but these smaller ISP in smaller countries try to filter traffic. You mainly see it in many Asian & African developing countries to control access to news outlets or media sites.

 

Ken Felix

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
884
0 Kudos
sanderl
New Contributor III

Created on ‎02-15-2024 04:32 AM

Long time back I created this topic. At that time it did not succeed. Now for a long time it works like I wanted and I thought to share some back with the community.

 

So what I have:

  • A ubuntu machine with nginx (npm).
  • A Fortigate with a loopback interface (internal) presenting ssl vpn.
  • A VIP port forwarding (443) to the nginx machine.
  • A public dns name resolving back to the external IP of the FG.
  • Configuration on the nginx catching that traffic (for thát dns name) and forwarding to the loopback.

Some screenshots:

nginx.png

nginx2.png

 

This way the client (browser / vpn client / android app) connect fine and without certificate warning as that is presented by nginx.

Next to that the external IP can be used with multiple dns names that are all forwarded to different backend services all over 1 IP address.

603
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.