Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rogermijares
New Contributor

Created on ‎02-05-2024 12:44 AM Edited on ‎02-26-2024 03:19 AM By Community Manager

Evaluation Licence VPN SSL

Doesn anybody know if the VPN SSL can be setup in fortigate that is runnig 7.4 with a evaluation licence ?

 

This is error thta I am getting

unable to establish the vpn connection, The VPN server is unreachable or your identity certificat is not trusted (-5)

 

Thanks in advance..

 

 

Labels:
545
0 Kudos
1 Solution
5 REPLIES 5
ndumaj
Staff
Staff

Created on ‎02-05-2024 01:10 AM

Hello Rogermijares,

enable the following debug on FGT to investigate:

diag debug console timestamp enable

diag debug app fnbamd -1

diag debug app sslvpn -1

diag debug enable

BR

- Happy to help, hit like and accept the solution -
537
0 Kudos
pminarik
Staff
Staff

Created on ‎02-05-2024 02:41 AM Edited on ‎02-05-2024 02:42 AM

If you're talking about the unlicensed VM that anyone can download and run:

In theory: Yes.

In practice: No, almost impossible.

 

Unlicensed VMs have significant restrictions to which crypto algorithms they allow, which makes most cryptography-utilizing features unusable. SSL-VPN specifically will offer only bad and outdated algorithms during the handshake, which will be rejected by any modern client. If you can convince/reconfigure your client to negotiate these outdated ciphers, it should work. (this is the "in theory" answer)

------

If on the other hand you meant a fully functional evaluation license (a proper VM license just like any other, except time limited to permanently expire somewhere between a month and a year), then those should work just fine (no crypto limitations). In this case you should follow up with troubleshooting as outlined by @ndumaj .

[ corrections always welcome ]
522
rogermijares
New Contributor
In response to pminarik

Created on ‎02-05-2024 02:53 AM

I am using the VM evaluation licence which doesnt expire. This is for a home lab and I want to learn the product but if I cant setup a simple VPN server this licence is rubbish. I am better off with sophos, I reckon.....

514
0 Kudos
pminarik
Staff
Staff
In response to rogermijares

Created on ‎02-05-2024 04:38 AM

Unfortunately, VPNs are the two features most impacted in trial VMs. :(

 

If you have some contacts via your employment, you could try obtaining the full evaluation license. A used hardware FortiGate is another option, as these don't have crypto restrictions, even with expired support contracts. Alternatively, if your aim is trying out VPNs in general, FortiClient should let you easily set crypto settings for IPsec that will be compatible with a trial VPN.

[ corrections always welcome ]
496
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.