Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
david_zgz
New Contributor

Created on ‎09-05-2018 12:37 AM

SSL-VPN with public domain

Good morning,

 

I have a fortigate 60E, which allow a lot forticlients connet to my network remotely.

1 month ago, I added a second WAN in my company (for backup). But the problem was that in the option: Connection Settings => Listen on Interface(s) in the menu VPN => SSL-VPN Settings, Fortigate accepted the ssl request for the 2 WANs, but the forticlients disconnected after a few minutes.

When I remoted the WAN2 in that option, problem was resolved.

 

Then actually, when WAN1 fails, I have to add the WAN2 like interface (in SSL-VPN Settings) for that the forticlients can connect to my network remotely in that moment.

My question is: I have a public domain, that the public IP is the same that I am surfing the Internet.

If I navigate thanks to Wan2, that public IP will be like that public domain, are sync.

I want that the forticlients can connect to my network, but Fortigate uses the public domain for listening in both WAN, and when the WAN1 fails, the forticlients can connect thanks to the WAN2.

 

Thank you

Regards

David

1782
0 Kudos
1 REPLY 1
kd007
New Contributor III

Created on ‎09-05-2018 02:58 PM

You have two options that I can think of:

[ol]
  • Use a load-balancer in front of your VPN. You could use a cloud service such as Azure Traffic Manager if you don't have the hardware yourself. So what you'd do is have your clients connect to vpn.example.com, which is the load balancer. The balancer would be configured to health-check your WAN1 and WAN2 public IP's, and would direct clients to whichever you choose. This solution will give the best user experience but requires the most configuration on your part to get setup correctly.
  • Setup FortiClient with two VPN entries for users to choose from, one that goes to the WAN1 IP and one that goes to the WAN2 IP. You'd want to instruct your users to try the first one, and if it doesn't work to then try the second one. You'll struggle with getting users to understand this concept, but it is very simple to manage this configuration and requires no additional cost/investment.[/ol]
    • 930
    0 Kudos
    Announcements
    Check out our Community Chatter Blog! Click here to get involved
    Labels
    Top Kudoed Authors
    View all
    Broad. Integrated. Automated.

    The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

    Social Media
    Security Research
    Company
    News & Articles
    Contact Us

    Copyright 2025 Fortinet, Inc. All Rights Reserved.