Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Arnold
New Contributor

VPN between windows server 2012 and fortinet

Hi, is it posible to make a VPN between windows server 2012 and fortinet?

MCSE

MCSE
8 REPLIES 8
MikePruett
Valued Contributor

Mike Pruett Fortinet GURU | Fortinet Training Videos
Arnold

great, is there a guide?

as I cant find any info in fortinets cookbook

MCSE

MCSE
MikePruett
Valued Contributor

Are you looking at having the machine build an SSL VPN tunnel automatically or are you wanting to do IPSec?

Mike Pruett Fortinet GURU | Fortinet Training Videos
Arnold

IKEV2 or SSTP or L2TP

 

MCSE

MCSE
Arnold
New Contributor

bump

MCSE

MCSE
ede_pfau
Esteemed Contributor III

It boils down to which means you have available on the server side.

 

'Built-in' VPN on Windows (client or server) is IMHO the least attractive option. Hidden parameters, foggy documentation, no access to options (encryption, DHgroup,...), some config in GUI, some in registry. A nightmare to debug. Encryption of the payload but not the header etc. etc.

Who is using L2TP or SSTP outside the MS world? IPsec is proven, reliable, interoperative across operating systems.

 

For clients, one can use commercial products which actually work: Forticlient, NCP, Cisco AnyConnect (u-ah),... They implement what MS has missed for decades now.

But, do not try to use FortiClient on Windows server. It's not built for this and maybe never will be. Installing  lowlevel network driver/interface into an ever changing OS can be risky for the overall stability.

 

What I would do: get a small FGT and install a site-to-site VPN between Fortigates. OS independent, scaleable, transparent, reliable. And measured in working hour costs, cheap - set up once, run forever.

 

edit: as if asked for, a recent post here about FClient and server OS battle - https://forum.fortinet.com/tm.aspx?m=146405


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Arnold

ok thanks for the reply, helped me to make a decision 

MCSE

MCSE
marcosta87

Hello Arnold, 

 

Do you have some news about your question? I need to establish a permanent VPN connection between my local network (FortiGate 60E for example) and a remote windows server 2016. I want to allow my users inside the local network access to the remote server, automatically. Is it possible?  

My end users use MAC OS computers and outside my private network they using a VPN L2TP/IPSec connection, the same protocol in windows server side. 

 

Thank you! 

Labels
Top Kudoed Authors