We are hoping to use the Fortimanager to start building VPNs. Currently each of our customers are mapped from a Vdom > Adom. We need to build a customer VPN within that Adom. I see there are 2 options to do this.
1. Use VPN manager
2. Use device manager and build the phase 1 & 2 within here.
Most of our builds will be IPSEC site to site going to a 3rd party firewall which we do not manage and a remote client VPN using the Forticlient which we will manage.
I see the VPN manager seems to benefit when you are in control of all devices so if we are building to a 3rd party would it be the best place to build? however on the flip side when you do it via device manager there is no wizard and seems to be a bit of a pain to get working.
I did that for a hub-spoke star topology of IPSEC Tunnels.
They all had the same remote side (not ours) but different local sides (our FGTs).
So I created a star topology in VPN Manager in FMG.
Then I created one hub for the remote side and then
I created a spoke for every FGT in the ADOM that should have such tunnel.
Once passwords and proposals were correct those worked and VPN Manager even created the address objects needed for the policies.
Now if I need an additional tunnel I just add a new spoke in VPN Manager (which only requires you to enter a few things like the Interface the tunnel should be attached to) and (since not all FGT have this tunnel) add an installation target to the Policies for that tunnel (this could also be solved by creating a group in device manager and use that as install target for the policies).
In your case it just woud be vice versa since you are the central point and the others are the spokes ;)
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
"It is a mistake to think you can solve any major problems just with
potatoes." - Douglas Adams
i agree with you jhoggard, the VPN manager in the FortiManager is nice for a clear hub and spoke or mesh setup of systems you control. although currently for a good mesh ADVPN might be a better solution.
everything outside that is better done normally via the device manager. it requires some work, but once you know your settings it isn't that much work either.
if you know the CLI commands you could also just use the CLI scripts to set the tunnels up and do lots of copy pasting while changing things like IPs and such.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.