I'm trying to set up two separate dial-up VPNs to a Fortigate, and am a little confused about how they are supposed to coexist. Maybe somebody could help me clear up the fuzziness in my mind?
The first VPN is a gateway-to-gateway VPN, the second will be an L2TP VPN to support road warriors. I have been able to set up both VPNs successfully one at a time, but not make them coexist on the same Fortigate.
The gateway-to-gateway VPN is a route-based VPN between two Fortigates, FG-A and FG-B. FG-A is in the central office with a static public IP. FG-B is in the remote office with a dynamic public IP. I am using the Fortigate factory certificates for authentication.
The road-warrior VPN will go to FG-A. Following the IPSec documentation, I set it up as a policy-based VPN.
When I try to connect to this VPN, Windows will display an error 789.
Before I go into troubleshooting mode, I would like to understand more about what's supposed to happen. When the dial-up client connects, how does the Fortigate determine which of the two VPNs to use?
For the site-to-site VPN, do you consider using DynDNS for FGT-B so that you don't need to configure the site-to-site VPN on FGT-A as a dial-up?
For road warriors you can simply configure a FortiClient VPN, which is IPsec as well.
I'm very reluctant to use DynDNS because this VPN is already in production; I don't really want to touch it unless I have to.
The VPN really needs to work with the native tools for Windows and iPad (meaning, L2TP).
Forticlient - no thanks. I really like the quality of Fortigate in general, but with Forticlient they did a shoddy job; I wouldn't impose that on my users unless I have to.
The problem is that it can kill your user's Windows computer with no easy recourse. The specific problem is that the included antivirus software is oblivious to already-installed AV software. If you have road warriors, you can either enable the Fortigate AV (and kill those who already have another antivirus program), or disable it and negate the whole point of protecting the endpoint (and you still risk accidentally turning on the AV).
I' m not sure really how to respond to you but if you want to PM me I can probably help. I have an L2TP dial-in VPN running side by side with a tunnel mode and an interface mode tunnel in the same VDOM.
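As an added illustration of the side-by-side setup described in the reply above (example configuration written for this page, not the poster's actual config), the following FortiOS CLI fragment defines two dial-up phase 1 entries on the same WAN interface of FG-A. The interface name `wan1`, the tunnel names, the `user peer` object `FG-B-cert`, the user group `L2TP-users`, the address pool and the placeholder pre-shared key are all assumed. The selection logic this relies on is the one FortiOS applies to multiple dial-up tunnels on one interface: an incoming IKE negotiation is matched against the phase 1 whose authentication method and peer ID fit, and a `peertype any` entry acts as the catch-all. Because FG-B authenticates with a certificate, it can only land on the certificate-authenticated, route-based tunnel; Windows and iPad clients using a pre-shared key fall through to the policy-based L2TP tunnel.

```text
# Added example, not the original poster's configuration.
# Assumed names: wan1, to-FG-B, L2TP-dialup, FG-B-cert, L2TP-users.

# Route-based (interface mode) dial-up tunnel for FG-B, which has a
# dynamic public IP. Selected by certificate identity, not by IP.
config user peer
    edit "FG-B-cert"
        set ca "Fortinet_CA"                 # assumed CA name; factory CA on the unit
        set cn "FG-B"                        # assumed CN of FG-B's factory certificate
    next
end
config vpn ipsec phase1-interface
    edit "to-FG-B"
        set type dynamic                     # remote gateway address is not fixed
        set interface "wan1"
        set authmethod signature             # certificate authentication
        set certificate "Fortinet_Factory"   # FG-A's own factory certificate
        set peertype peer                    # accept only the peer object below
        set peer "FG-B-cert"
        set proposal aes256-sha256
    next
end
config vpn ipsec phase2-interface
    edit "to-FG-B-p2"
        set phase1name "to-FG-B"
        set proposal aes256-sha256
    next
end

# Policy-based (tunnel mode) dial-up for L2TP road warriors. PSK plus
# peertype any makes this the catch-all for native Windows/iPad clients.
config vpn ipsec phase1
    edit "L2TP-dialup"
        set type dynamic
        set interface "wan1"
        set authmethod psk
        set psksecret "REPLACE-WITH-A-STRONG-PSK"   # placeholder
        set peertype any
        set proposal aes256-sha1 3des-sha1   # what stock Windows/iOS clients offer
        set dhgrp 14 2
    next
end
config vpn ipsec phase2
    edit "L2TP-dialup-p2"
        set phase1name "L2TP-dialup"
        set encapsulation transport-mode     # L2TP/IPsec uses transport mode
        set l2tp enable
        set proposal aes256-sha1 3des-sha1
        set pfs disable                      # Windows built-in client does not do PFS
    next
end
config vpn l2tp
    set status enable
    set sip 10.255.0.1                       # assumed client address pool
    set eip 10.255.0.50
    set usrgrp "L2TP-users"                  # assumed local user group
end
```

The policy-based tunnel still needs a firewall policy with `set action ipsec`, `set vpntunnel "L2TP-dialup"` and `set inbound enable` from `wan1` to the internal interface, and the route-based tunnel needs ordinary accept policies on the `to-FG-B` interface plus a route for the remote subnet. If both dial-up entries were PSK with `peertype any`, the FortiGate could not tell the two clients apart and the first matching entry would win, which is the situation a certificate or a distinct peer ID on the site-to-site tunnel avoids.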