FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ckumar_FTNT
Staff
Staff
Article Id 194137
Description
This article describes how to configure DDNS as a Remote Gateway for SSL VPN users.

Solution
If the external IP address changes regularly and there isa static domain name, configure the external interface to use a dynamic DNS (DDNS) service is possible.
This ensures that external users and customers can always connect to the company firewall.


For example, this below topology will be used:






Step-by-Step Configuration.

1) Configure FortiGuard as the DDNS server.
- Go to Network -> DNS.
- Enable FortiGuard DDNS.
- Select the Interface with the dynamic connection.
- Select the Server with an account.
- Enter the unique location.




2) Configure SSL VPN and select the listing interface.





- In Authentication/Portal Mapping All Other Users/Groups, set the Portal to tunnel-access.
- Create new Authentication/Portal Mapping for group 'sslvpngroup' mapping portal my-full-tunnel-portal.
- Configure SSL VPN firewall policies to allow remote user to access the internal network.

Note.
From GUI, it will show the listing at as resolved IP address only. However, use the DDNS address for both tunnel and web mode is possible (Ex., https://testbrai.fortiddns.com:10443/).

3) On the FortiClient, use the DDNS address as a remote gateway.




Contributors