I'm trying to setup SSL VPN with Fortigates in HA with Azure ELB/ILB.
The documentation/videos I've followed show the Azure AD steps and how to setup SSL VPN on the FGT, however I can't find how to do the ELB configure and how to bring it into the Fortigate.
Do I create a front-end IP on the ELB, load balancing rules for 10433 then create a Virtual IP on the FGT? Creating a Virtual IP needs to match to an internal IP address though.
I'm guessing the front-end IP needs to map somehow to the SSL-VPN tunnel interface (ssl.root).
Thank you in advance.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
The following github URL has detailed script and deployment instructions.
azure-templates/FortiGate/Active-Active-ELB-ILB at main · fortinet/azure-templates (github.com)
Hello squad4,
Just like you configure SSH access or Https access for Fortigate you've to open the port on wan Interface for SSL VPN instance, You do not have to bind the front-end IP with ssl.root, but you've to bind that with the Fortigate wan Interface, like (port1 or port2) whichever you're using, as ssl.root is a logical interface on Fortigate it will create when you enable the SSL VPN on physical ports (wan generally), Once it is done you'll have to configure the SSL VPN on Fortigate and you should be able to access the VPN.
Reference:
https://docs.fortinet.com/document/fortigate-public-cloud/7.4.0/azure-administration-guide/889158/co...
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Assign-multiple-public-IP-addresses-to-For...
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1643 | |
1069 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.