Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
drivesafely
New Contributor

Site-to-Site VPN Connectivity - block by ISP

Hello,

We are attempting to establish a site-to-site VPN between two FortiGate devices located in Egypt and Kuwait. However, VPN traffic appears to be blocked on the Egypt side, preventing a successful tunnel from being established.

Could you please advise if there is a recommended workaround for this scenario?

We are also exploring the possibility of connecting each FortiGate device to a cloud-based service from their respective countries, and then enabling secure communication between them via that route.

We would appreciate your guidance on feasible solutions or alternative configurations.

Thank you in advance for your support.

5 REPLIES 5
jiahoong112
Staff
Staff

https://docs.fortinet.com/document/fortigate/7.0.0/new-features/508779/fortigate-as-ssl-vpn-client

https://community.fortinet.com/t5/FortiGate/Technical-Tip-FortiGate-acting-as-a-SSL-VPN-client/ta-p/...

You can try to build a site to site sslvpn instead where Fortigate is the sslvpn client. Keep in mind that sslvpn has been deprecated on FortiOS 7.6.3. You can start of by deploying this on FortiOS 7.2.11 or 7.4.7 or 7.4.8.

**If you come across a resolution, kindly show your appreciation by liking and accepting it, ensuring its accessibility for others**
drivesafely

@jiahoong112 

 

Thanks for sharing the SSL VPN site-to-site setup link. Just to add — the ISP in Egypt doesn't provide a dedicated public IP. Will this setup still work in that case? Are there any alternatives you’d recommend?

Thanks again.

jiahoong112

You can look at using FortiDDNS or DDNS configuration in general so that your dynamic public ip can be linked to an fqdn: https://docs.fortinet.com/document/fortigate/7.6.3/administration-guide/685361/ddns 

**If you come across a resolution, kindly show your appreciation by liking and accepting it, ensuring its accessibility for others**
filiaks1
Contributor II

NAT-T may help in some cases IPSec VPN NAT-traversal - Fortinet Community

VinayHM
Staff
Staff

Please check ports 500 and 4500 blocked by the ISP.

Vinay HM
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors