Hello,
I am completely new to the Fortinet world and am considering getting a Fortinet 60D or Fortinet 70D, on which I will be required to set up a few IPsec site-to-site tunnels. I need some expert advice on whether the following is feasible and how to go about configuring it (preferably via the GUI; if you can point me to any documentation/video tutorial, that's even better).
The following are my scenarios for the required VPN setup (this is not a typical site-to-site setup involving private IPs). Please note that the remote peer device make/model could vary every time, as we deal with new vendors all the time.
Scenario 1:
Remote Peer: Public IP
Remote Network: Public IPs/subnet
My Peer: Public IP
My Network: a few servers behind my Fortinet device that will have routable public IPs assigned to them
Requirement: Users on the remote network need to be able to access the resources running on my network over the tunnel (only on certain allowed port numbers, for example 80, 21, ..., with all other ports blocked). My servers need to be able to communicate with the remote network on all port numbers.
Scenario 2:
Remote Peer: Public IP
Remote Network: Private IPs/subnet
My Peer: Public IP
My Network: a few servers behind my Fortinet device that will have routable public IPs assigned to them
Requirement: Same as Scenario 1 - users on the remote network need to be able to access the resources running on my network over the tunnel (only on certain allowed port numbers, for example 80, 21, ..., with all other ports blocked). My servers need to be able to communicate with the remote network on all port numbers.
As you can see, the only difference between my Scenario 1 and Scenario 2 is the remote network's IP class (public vs. private). Some vendors that we deal with prefer their end of the VPN tunnel to be terminated on a public subnet, and some prefer that we do it on their private subnet. So, is that a challenge with Fortinet devices?
Thanks in advance. Please let me know.
Anyone?
Welcome to the forums.
It really doesn't matter what networks are behind the remote peer. All you need to remember is that, when routing, the distances for those remote subnets need to be shorter than that of the default gateway on your side. This will direct all those remote subnets down the tunnel as opposed to the public Internet.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
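As an added example that is not part of the original thread or of Fortinet's documentation, here is what the routing point above and the port restriction from the question look like in the FortiOS CLI for both scenarios side by side. Everything in it is assumed for illustration: the interface names wan1 and internal, the tunnel names to_vendorA and to_vendorB, the peer and subnet addresses (RFC 5737 documentation ranges and one RFC 1918 range), the server subnet 198.51.100.0/28 behind the FortiGate, and the IKE proposals, which in practice must match whatever each vendor requires.

```fortios
# Assumed layout (illustration only):
#   Scenario 1, vendor A: peer 192.0.2.10, remote network 203.0.113.0/24 (public)
#   Scenario 2, vendor B: peer 192.0.2.20, remote network 10.20.0.0/16 (private)
#   My side: wan1 192.0.2.2 (upstream gateway 192.0.2.1), servers 198.51.100.0/28 on "internal"
config vpn ipsec phase1-interface
    edit "to_vendorA"
        set interface "wan1"
        set ike-version 2
        set remote-gw 192.0.2.10
        set proposal aes256-sha256
        set psksecret "replace-with-a-long-random-psk"
    next
    edit "to_vendorB"
        set interface "wan1"
        set ike-version 2
        set remote-gw 192.0.2.20
        set proposal aes256-sha256
        set psksecret "replace-with-a-different-long-random-psk"
    next
end
config vpn ipsec phase2-interface
    edit "to_vendorA-p2"
        set phase1name "to_vendorA"
        set proposal aes256-sha256
        set src-subnet 198.51.100.0 255.255.255.240
        set dst-subnet 203.0.113.0 255.255.255.0
    next
    edit "to_vendorB-p2"
        set phase1name "to_vendorB"
        set proposal aes256-sha256
        set src-subnet 198.51.100.0 255.255.255.240
        set dst-subnet 10.20.0.0 255.255.0.0
    next
end
# Routing: the tunnel routes get a lower ("shorter") administrative distance than
# the default route. FortiOS static routes default to distance 10.
config router static
    edit 0
        set dst 0.0.0.0 0.0.0.0
        set gateway 192.0.2.1
        set device "wan1"
        set distance 10
    next
    edit 0
        set dst 203.0.113.0 255.255.255.0
        set device "to_vendorA"
        set distance 5
    next
    edit 0
        set dst 10.20.0.0 255.255.0.0
        set device "to_vendorB"
        set distance 5
    next
end
config firewall address
    edit "my_servers"
        set subnet 198.51.100.0 255.255.255.240
    next
    edit "vendorA_net"
        set subnet 203.0.113.0 255.255.255.0
    next
    edit "vendorB_net"
        set subnet 10.20.0.0 255.255.0.0
    next
end
# Policies for vendor A; vendor B's pair is identical with to_vendorB / vendorB_net.
# Inbound is limited to the listed services; anything else hits the implicit deny.
config firewall policy
    edit 0
        set srcintf "to_vendorA"
        set dstintf "internal"
        set srcaddr "vendorA_net"
        set dstaddr "my_servers"
        set action accept
        set schedule "always"
        set service "HTTP" "FTP"
        set nat disable
        set logtraffic all
        set comments "vendor A -> my servers, 80/21 only"
    next
    edit 0
        set srcintf "internal"
        set dstintf "to_vendorA"
        set srcaddr "my_servers"
        set dstaddr "vendorA_net"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
        set logtraffic all
        set comments "my servers -> vendor A, all ports"
    next
end
```

Two caveats a practitioner would check. First, a /24 or /16 tunnel route is already more specific than 0.0.0.0/0, so longest-prefix match sends that traffic down the tunnel regardless of distance; the distance only decides between routes to the same prefix, so the lower value is a safeguard rather than the whole mechanism. Second, the vendor must do the mirror image on their side and route 198.51.100.0/28 into the tunnel rather than out to the Internet; otherwise their replies arrive on wan1 with no matching policy and are dropped. `get router info routing-table all` shows which route won (the `[distance/metric]` column) and `diagnose vpn tunnel list` shows whether the phase 2 selectors came up.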
Thank you! I have never worked with Fortinet devices before, so I am a little confused by what you meant when you said "distances for those remote subnets need to be shorter". I can tell it is some kind of weighting scale to pick the best possible routes, but that's pretty much it.
All the Fortinet documentation I have looked up online talks about how to configure L2L connections between two private networks, and I can't find anything that talks about something similar to what I requested. Do you know of any online tutorial that focuses on what I need?
Copyright 2025 Fortinet, Inc. All Rights Reserved.