DescriptionThis article describes how to configure DDNS as a Remote Gateway for SSL VPN users. SolutionIf the external IP address changes regularly and there isa static domain name, configure the external interface to use a dynamic DNS (DDNS) service is possible.
This ensures that external users and customers can always connect to the company firewall. For example, this below topology will be used:
1) Configure FortiGuard as the DDNS server.
- Go to Network -> DNS.
- Enable FortiGuard DDNS.
- Select the Interface with the dynamic connection.
- Select the Server with an account.
- Enter the unique location.
2) Configure SSL VPN and select the listing interface.
- In Authentication/Portal Mapping All Other Users/Groups, set the Portal to tunnel-access.
- Create new Authentication/Portal Mapping for group 'sslvpngroup' mapping portal my-full-tunnel-portal.
- Configure SSL VPN firewall policies to allow remote user to access the internal network.
From GUI, it will show the listing at as resolved IP address only. However, use the DDNS address for both tunnel and web mode is possible (Ex., https://testbrai.fortiddns.com:10443/).
3) On the FortiClient, use the DDNS address as a remote gateway.