robert_hua
New Contributor

How to make SSLVPN login redundant?

I have two WAN interfaces - wan1 and wan2.

SSLVPN is listening on interface wan1.

How do I set up redundancy for SSLVPN? Do I only add WAN2 to the listen interface?

Sorry, I cannot do the experiment, because my Fortigate 200D is in production.

Thank you.

3 REPLIES 3
rwpatterson
Valued Contributor III

Welcome to the forums.

For SSL VPN, I believe you simply create the appropriate policies and static route entries and you're good to go. Unlike IPSec VPN, SSL VPN isn't tied down by IP address on the way in, so policy alone should be good enough.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

robert_hua

Sorry, I am not good at Fortigate...

Could you describe in more detail how to create the policies and static route for "sslvpn redundancy"?

In policy: I have SSL-VPN tunnel interface (ssl.root) - LAN

In static route: I have a destination route only

Much appreciated!

Toshi_Esumi
SuperUser

Don't forget the client side needs two separate profiles and the user needs to manually choose one over the other.

To me it's pretty safe to test (adding wan2 and testing SSL VPN into wan2) on the live unit without affecting any other services, including existing SSL VPNs via wan1. But if you're super careful (I wish I were), you might want to set a maintenance window and do the testing.
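
The change discussed in this thread, sketched as FortiOS CLI. This is an added example, not configuration posted by any participant. The interface names wan1, wan2 and ssl.root come from the thread; the gateway address, the "lan" interface name, the "internal-net" address object and the "sslvpn-users" group are assumptions, and exact option names can differ between FortiOS versions.

```fortios
# Added example (constructed). Values marked ASSUMED are placeholders.

# 1. Listen for SSL VPN on both WAN interfaces instead of wan1 only.
config vpn ssl settings
    set source-interface "wan1" "wan2"
end

# 2. Return traffic for sessions arriving on wan2 needs a route out of wan2.
#    203.0.113.1 is a documentation address (ASSUMED gateway). A higher
#    priority value keeps wan1 preferred for outbound traffic while the
#    wan2 route stays active in the routing table.
config router static
    edit 0
        set dst 0.0.0.0 0.0.0.0
        set gateway 203.0.113.1
        set device "wan2"
        set priority 10
    next
end

# 3. The access policy is keyed on ssl.root, not on the WAN port, so the
#    existing ssl.root -> LAN policy already covers logins through wan2.
#    Shown for reference; restrict dstaddr and service to what VPN users
#    actually need rather than "all"/"ALL".
config firewall policy
    edit 0
        set srcintf "ssl.root"
        set dstintf "lan"
        set srcaddr "all"
        set dstaddr "internal-net"
        set groups "sslvpn-users"
        set action accept
        set schedule "always"
        set service "HTTPS" "RDP"
    next
end

# 4. Confirm the listener change before testing from a client.
show vpn ssl settings
```

Adding wan2 as a listener also exposes the SSL VPN login portal on a second public address, so any source-address restrictions or login-attempt limits applied for wan1 should be checked to cover wan2 as well.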
