Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
squad4
New Contributor

Created on ‎07-22-2023 05:48 AM

SSL VPN with Fortigates in HA with Azure ELB/ILB

I'm trying to setup SSL VPN with Fortigates in HA with Azure ELB/ILB.

The documentation/videos I've followed show the Azure AD steps and how to setup SSL VPN on the FGT, however I can't find how to do the ELB configure and how to bring it into the Fortigate.

Do I create a front-end IP on the ELB, load balancing rules for 10433 then create a Virtual IP on the FGT? Creating a Virtual IP needs to match to an internal IP address though.

I'm guessing the front-end IP needs to map somehow to the SSL-VPN tunnel interface (ssl.root).

Thank you in advance.

10.0.0.0.1 192.168.1.254
10.0.0.0.1 192.168.1.254
Labels:
647
0 Kudos
2 REPLIES 2
mwissa
Staff
Staff

Created on ‎07-22-2023 06:18 AM

The following github URL has detailed script and deployment instructions.

azure-templates/FortiGate/Active-Active-ELB-ILB at main · fortinet/azure-templates (github.com)

 
 

2023-07-22_06-16-50.gif

636
0 Kudos
vsahu
Staff
Staff

Created on ‎07-22-2023 11:11 PM Edited on ‎07-22-2023 11:34 PM

Hello squad4,

 

Just like you configure SSH access or Https access for Fortigate you've to open the port on wan Interface for SSL VPN instance, You do not have to bind the front-end IP with ssl.root, but you've to bind that with the Fortigate wan Interface, like (port1 or port2) whichever you're using, as ssl.root is a logical interface on Fortigate it will create when you enable the SSL VPN on physical ports (wan generally), Once it is done you'll have to configure the SSL VPN on Fortigate and you should be able to access the VPN.


Reference:

https://docs.fortinet.com/document/fortigate-public-cloud/7.4.0/azure-administration-guide/889158/co...

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Assign-multiple-public-IP-addresses-to-For...

Regards,
Vishal
604
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.