- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Simple Queston
I have 20 customers needing VPN access to resources on my business network. Yes, they can use Fortinet VPN Client, but what Fortinet product do I need installed on my gateway to allow them to connect?
thanks
Martin
- Labels:
-
FortiCloud Products
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @MRPUGH55
In order for your user to connect to your business network, you will need to setup a VPN gateway. If you already owned a FortiGate, you can configure FortiGate as your VPN gateway. Depending on your need, you can configure either SSLVPN or IPSec VPN:
https://docs.fortinet.com/document/fortigate/6.0.0/Cookbook/690301/configuring-the-ssl-vpn-tunnel
https://docs.fortinet.com/document/fortigate/6.0.0/Cookbook/589121/ipsec-vpn-with-forticlient
Kayzie Cheng
If you have found a solution, please like and accept it to make it easily accessible for others.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks. But my question was regarding which Fortinet appliance/product I need to provide that VPN gateway. I dont have anything yet.
Created on 01-04-2023 03:57 AM Edited on 01-04-2023 03:58 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Any modern FortiGate unit will suffice, see below:
- https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/Fortinet_Product_Matrix.pdf
- https://www.fortinet.com/products/next-generation-firewall
If checking the datasheet, pay attention to the SSL-VPN throughput numbers. You should aim for a model that will sastisfy your throughput needs for all 20 users.
A FortiProxy would also work (it supports both SSL-VPN and IPsec), but that shouldn't be your first choice (FortiProxies are bought primarily for proxying, not for VPNs).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
you need one internet static IP as a gateway for configuring VPN
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You don't necessarily need static IP. You can use FortiDDNS service if you have dynamic IP.
Graham
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Basically that doesn't even need to be a Fortinet product. Both sslvpn and IPSec are standardized so it would work with any vpn gateway.
However I never tried since I have fortigates as vpn gws where I need vpn.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Correct for IPsec (standardized, mostly inter-operable with possible issues usually stemming from implementation details), but wrong for SSL-VPN. No such thing as an "SSL-VPN standard" exists. SSL-VPN is a concept ("do a VPN by wrapping traffic in SSL/TLS/HTTPS"), but everyone does it their own way. FortiClient's SSL-VPN won't work with non-Fortinet products, and neither will arbitrary third party SSL-VPN clients work with FortiGate. (unless the author specifically made effort to make it compatible with FortiGates)