Would like to know whether there's a workaround for this.
Currently a /29 WAN subnet is created on WAN 1, e.g. 184.108.40.206/29. Gateway is 220.127.116.11.
I want to separate a particular IP out e.g. 18.104.22.168 and connect it to another port e.g. Port 15 for SSL-VPN purpose.
By default, under the SSL-VPN settings, the box will only listen on the WAN 1 IP i.e. 22.214.171.124:443.
How can I make the box listen on 126.96.36.199 for the SSL-VPN?
Thank you in advance for your guidance.
You will not be able to set an IP on another interface that is already part of the /29 on your WAN1.
You could break up the /29 into two /30s, but would need extra config on the next hop router as well, and a switch in between if there are no other ports available on the next hop.
You could also do a VIP as per this thread, but I don't think that's what you are looking for, as the original IP will also still be listening for VPN requests unless you block it...
In the link I pasted the guy actually forwards it to his primary external IP, so probably not what you are looking for.
You could also create a loopback interface and assign any internal IP to it, like 10.40.1.1/30, or just a /32 as you only need one IP.
Then create a VIP address with your second external IP and forward it to the IP you specified for the loopback on port 443.
Then in the VPN settings you select the new loopback interface as the listening interface. I have done setups like that for IPSEC VPN so I am sure it should work for an SSL VPN setup.
Thanks for your time.
I read through the link and did a check on the current box.
Silly question: what should the mapped IP be? The LAN IP for the box?
I did a quick change on my home firewall; look at the attached image. Create the loopback interface, create the VIP address and change the VPN settings to the new interface.
Then create the policy with the VIP to forward the SSL VPN traffic to your new internal loopback interface.
Also some info on setting up SSL VPN to a Loopback interface.
Thank you for sharing the idea. I've followed the steps and was able to achieve the result.
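The loopback, VIP, policy and listening-interface steps described in the replies above, written out as a FortiOS CLI sketch; this is an added example, not configuration posted by anyone in the thread. The object names (`sslvpn-lo`, `vip-sslvpn`, `wan1-to-sslvpn-lo`) and the interface name `wan1` are assumptions, the loopback address is the 10.40.1.1 suggested above as a /32, and `<SECOND_PUBLIC_IP>` is a placeholder for the spare address from the /29.

```fortios
# 1. Loopback interface that will terminate SSL-VPN (name is hypothetical)
config system interface
    edit "sslvpn-lo"
        set vdom "root"
        set type loopback
        set ip 10.40.1.1 255.255.255.255
    next
end

# 2. VIP: second public IP on WAN1, TCP/443 forwarded to the loopback
config firewall vip
    edit "vip-sslvpn"
        set extintf "wan1"
        set extip <SECOND_PUBLIC_IP>
        set mappedip "10.40.1.1"
        set portforward enable
        set extport 443
        set mappedport 443
    next
end

# 3. Policy allowing only HTTPS from WAN1 to the VIP on the loopback
config firewall policy
    edit 0
        set name "wan1-to-sslvpn-lo"
        set srcintf "wan1"
        set dstintf "sslvpn-lo"
        set srcaddr "all"
        set dstaddr "vip-sslvpn"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set logtraffic all
    next
end

# 4. Make SSL-VPN listen on the loopback instead of WAN1
config vpn ssl settings
    set source-interface "sslvpn-lo"
    set port 443
end
```

The mapped IP in step 2 is the loopback address, which answers the question asked above about what the VIP should map to. The usual SSL-VPN user policies from the tunnel interface to internal networks are still required and are not shown.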