Hi
I understand there are limitations when setting a FortiGate in transparent mode. One of which is VPN. Can the VPN be set up for remote clients to dial in? Or is this limited to site-to-site tunnelling? Even that has limitations, I believe.
Thanks
If I remember correctly VPN in transparent mode is one of the few (few, few) cases where you need to create a policy-based VPN - action "IPSEC" or "ENCRYPT". Per se, a dial-in VPN should be possible, as well as a site-to-site VPN. No luck searching the docs?
Which firmware version are you running?
Hi Ede_Pfau
First, thank you for the quick response. So far, I have seen an example of an IPsec VPN tunnel between two FGs in transparent mode. I think I understand your logic, referring to one of the entities of the site-to-site IPsec tunnel as a client. To the point, you mean I can use a remote FortiClient to dial into the FG configured as a VPN server operating in transparent mode. But only IPsec. So the FG can be configured to assign a dedicated pool of IPs to the remote client.
I did not find a doc on this particular topic or an example close to this. Do you have one?
Regards
Hi Ede_Pfau
I forgot to mention the version: 5.0.
Regards
Have you tried to contact FTNT for a cookbook or tech doc?
They might have a KB or document for just this type of setup. Somehow I don't think you can do this, but if anybody would know it would be TAC/support and the techdoc team.
PCNSE
NSE
StrongSwan
Yes, if a TP FGT supports IPsec VPN then why shouldn't it be supporting dial-in from a FortiClient? We're talking about IPsec only here. You could have a look at a v3 Handbook for the details on how to set up a dial-in "policy-based" VPN and try to transfer that config onto the TP mode FGT. In v3, policy-based VPN was standard, and dial-in was supported of course.
Whether a TP mode FGT supports DHCP-over-IPsec is a different question. I'd bet it does not. Shouldn't be much of a problem though, and your second one anyway.
Hi
Just want to say thanks for the input. It is true IPsec site-to-site tunnelling is supported in TP mode and is in the doc. And the rationale here, I guess, is that if one end or one of the sites (like a client) looking into the other site can be set up on the VPN tunnel, why wouldn't it work with a FortiClient with a similar setup? Unfortunately, there is little or no example or info out there.