Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
MRPUGH55
New Contributor

Simple Queston

I have 20 customers needing VPN access to resources on my business network.  Yes, they can use Fortinet VPN Client, but what Fortinet product do I need installed on my gateway to allow them to connect?

 

thanks

Martin

7 REPLIES 7
kcheng
Staff
Staff

Hi @MRPUGH55 

 

In order for your user to connect to your business network, you will need to setup a VPN gateway. If you already owned a FortiGate, you can configure FortiGate as your VPN gateway. Depending on your need, you can configure either SSLVPN or IPSec VPN:

https://docs.fortinet.com/document/fortigate/6.0.0/Cookbook/690301/configuring-the-ssl-vpn-tunnel

https://docs.fortinet.com/document/fortigate/6.0.0/Cookbook/589121/ipsec-vpn-with-forticlient

Cheers,
Kayzie Cheng

If you have found a solution, please like and accept it to make it easily accessible for others.
MRPUGH55
New Contributor

Thanks.  But my question was regarding which Fortinet appliance/product I need to provide that VPN gateway.  I dont have anything yet.

pminarik

Any modern FortiGate unit will suffice, see below:

If checking the datasheet, pay attention to the SSL-VPN throughput numbers. You should aim for a model that will sastisfy your throughput needs for all 20 users.

 

A FortiProxy would also work (it supports both SSL-VPN and IPsec), but that shouldn't be your first choice (FortiProxies are bought primarily for proxying, not for VPNs).

[ corrections always welcome ]
IT_Ahan2
New Contributor III

you need one internet static IP as a gateway for configuring VPN 

gfleming

You don't necessarily need static IP. You can use FortiDDNS service if you have dynamic IP.

Cheers,
Graham
sw2090
SuperUser
SuperUser

Basically that doesn't even need to be a Fortinet product. Both sslvpn and IPSec are standardized so it would work with any vpn gateway.

However I never tried since I have fortigates as vpn gws where I need vpn.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
pminarik

Correct for IPsec (standardized, mostly inter-operable with possible issues usually stemming from implementation details), but wrong for SSL-VPN. No such thing as an "SSL-VPN standard" exists. SSL-VPN is a concept ("do a VPN by wrapping traffic in SSL/TLS/HTTPS"), but everyone does it their own way. FortiClient's SSL-VPN won't work with non-Fortinet products, and neither will arbitrary third party SSL-VPN clients work with FortiGate. (unless the author specifically made effort to make it compatible with FortiGates)

[ corrections always welcome ]
Labels
Top Kudoed Authors