Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Holiday badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiGuest
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPhish
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiWAN
- FortiVoice
- FortiWeb
- FortiAppSec Cloud
- Lacework
- RMA Information and Announcements
- Wireless Controller
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- SSl VPN port forward from Meraki to Fortinet 60E
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SSl VPN port forward from Meraki to Fortinet 60E
Hello every one,
My first post on the forum and I am pretty new to fortinet.
I have a scenario where we have Meraki MX64 which already has IPSEC client VPN configured on it.
We bought fortigate 60E and now we want to configure SSL VPN port forwarding from meraki to this fortigate appliance.
The idea is to get users who are connecting using home laptops instead of company provided to the fortigate applaicen isntead of Meraki as fortigate gives us more options to blcok ports etc, eventually we will replace our Meraki appliances soon with these forigates once but at the moment we just need to make sure that users connect to Fortigate using SSL VPN.
We only have one Public IP address and its on meraki.
I have configured the local interface LAN 1 with local subnet IP address and can access the Fortigate.
Should I connect WAN1 to meraki or LAN2, do I have to assign local subnet IP address and then use that IP in meraki for port forwarding.
Any other setting configurations I need to do to make it work.
Any help and assistance will be highly appreciated and looking forward to hear from the experts.
Thanks a lot..
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If MX64's portforwarding works as any other FW's, that's what I would try and forward port 443, or other port you configure on the FGT side for SSL VPN. I wouldn't expect anything else needed to tweak other than the default route on the FGT is pointing to the MX64.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks Toshi for your reply.
At the moment this is what I have done.
Created a different vlan on meraki for Meraki port 2 as I was not able to assign it the same IP address as I have assigned to the LAN ports of fortigate.
Connected WAN1 of Fortigate to Meraki port 2 and assigned it an IP address from VLAN
Connected LAN1 of Fortigate to the local switch and assinged it an IP address from local subnet.
I can ping Fortigate WAN1 interface from Meraki.
Customize the SSL port on fortigate to 4443 and Created a port forward rule to WAn1 of fortigate on 4443.
It does not work, any thing which I am missing here.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Only thing I can say is you should sniff at the FGT's incoming interface while a client is trying to connect. If you see it's coming in but the FGT is not replying anything, the FGT is likely not configured properly. But if nothing (of course port 4443) is coming in, the problem is on Meraki side and it's time to call in their support.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have managed to make the SSL VPN work but now want to know how to configure it with Server 2012 Radius server.
The cook book talks about the forti authenticate and forti token but we donot use that and I am not sure what those products are.
Can I integrate Fortigate with server 2012 radius server and allow specific AD groups to connect via VPN.
I found this doc but its for old OS and new cook book does not have any such thing in it.
https://cookbook.fortinet.com/ssl-vpn-radius-authentication/index.html.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Well finished that as well, all good now, followed the above link and its wroking.
Guys please help and let me know if I can restrict client VPN users to only RDP, is this possible and if yes then please give me any pointers.
We only want VPN users to have access to 3389, they should only be able to do RDP once connected via VPN.
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Labels
-
FortiGate
8,863 -
FortiClient
1,794 -
5.2
801 -
FortiManager
753 -
5.4
639 -
FortiAnalyzer
568 -
FortiSwitch
486 -
FortiAP
478 -
FortiClient EMS
440 -
6.0
416 -
5.6
362 -
FortiMail
325 -
SSL-VPN
259 -
6.2
251 -
FortiAuthenticator v5.5
234 -
IPsec
220 -
FortiWeb
212 -
FortiNAC
197 -
5.0
196 -
FortiGuard
140 -
6.4
128 -
SD-WAN
119 -
FortiAuthenticator
111 -
FortiGateCloud
102 -
FortiSIEM
99 -
FortiCloud Products
99 -
FortiToken
92 -
Firewall policy
86 -
Wireless Controller
82 -
Customer Service
81 -
4.0MR3
64 -
High Availability
62 -
FortiProxy
61 -
Fortivoice
57 -
FortiADC
54 -
FortiEDR
53 -
VLAN
53 -
ZTNA
50 -
Routing
49 -
DNS
48 -
FortiExtender
46 -
FortiSandbox
44 -
FortiDNS
42 -
BGP
42 -
LDAP
42 -
Authentication
39 -
RADIUS
38 -
SAML
38 -
NAT
37 -
Certificate
37 -
FortiGate v5.4
35 -
FortiSwitch v6.4
34 -
SSO
34 -
VDOM
33 -
Interface
32 -
FortiConnect
31 -
FortiLink
30 -
Application control
29 -
FortiWAN
27 -
Web profile
27 -
FortiGate-VM
26 -
Virtual IP
26 -
FortiConverter
25 -
Logging
25 -
FortiGate v5.2
24 -
SSL SSH inspection
23 -
FortiPAM
22 -
FortiPortal
20 -
FortiSwitch v6.2
19 -
Fortigate Cloud
19 -
FortiMonitor
18 -
Traffic shaping
18 -
SSID
17 -
OSPF
16 -
Automation
16 -
WAN optimization
16 -
FortiDDoS
15 -
System settings
15 -
FortiGate v5.0
14 -
FortiSOAR
14 -
SNMP
14 -
Static route
14 -
Web application firewall profile
14 -
IP address management - IPAM
14 -
Admin
13 -
FortiCASB
12 -
FortiManager v5.0
11 -
FortiRecorder
11 -
IPS signature
11 -
Security profile
11 -
Proxy policy
11 -
FortiManager v4.0
10 -
FortiBridge
10 -
FortiAP profile
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
Traffic shaping policy
9 -
Intrusion prevention
9 -
FortiDeceptor
8 -
RMA Information and Announcements
8 -
DNS filter
8 -
Port policy
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
Antivirus profile
7 -
Fabric connector
7 -
Web rating
7 -
Fortinet Engage Partner Program
7 -
FortiToken Cloud
6 -
Explicit proxy
6 -
API
6 -
trunk
6 -
Packet capture
6 -
Traffic shaping profile
6 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
Authentication rule and scheme
4 -
DLP sensor
4 -
Netflow
4 -
TACACS
4 -
Replacement messages
4 -
Service
4 -
Cloud Management Security
4 -
FortiDB
3 -
FortiHypervisor
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Protocol option
3 -
SDN connector
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Schedule
2 -
Multicast policy
2 -
Zone
2 -
Vulnerability Management
2 -
FortiGuest
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1751 | |
| 1114 | |
| 766 | |
| 447 | |
| 241 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.