Hot!Anybody connect their Fortigate to a VPN service?

Author
Ahslan
New Member
  • Total Posts : 20
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/07/29 07:24:51
  • Status: offline
2017/11/06 13:05:17 (permalink)
0

Anybody connect their Fortigate to a VPN service?

Curious to see if anybody has configured their Fortigate to use a VPN service such as PIA, NordVPN or any of the million other ones that exist. I currently use pfsense at home due to it being able to use OpenVPN however I would love to switch to using my 60E if I can find a provider that supports the device.
 
Thanks in advance!
 
 
#1

6 Replies Related Threads

    emnoc
    Expert Member
    • Total Posts : 4988
    • Scores: 306
    • Reward points: 0
    • Joined: 2008/03/20 13:30:33
    • Location: AUSTIN TX AREA
    • Status: offline
    Re: Anybody connect their Fortigate to a VPN service? 2017/11/06 13:50:54 (permalink)
    0
    if you  asking can a FORTIGATE  act as a vpn_client, than the answer is no it can not. I'm not aware  of the  fortigate appliance acting like a ipsec or sslvpn client.
     

    PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
    #2
    ThunderSpartan
    New Member
    • Total Posts : 7
    • Scores: 0
    • Reward points: 0
    • Joined: 2017/01/13 09:00:13
    • Status: offline
    Re: Anybody connect their Fortigate to a VPN service? 2017/11/06 21:26:58 (permalink)
    0
    Sounds like you may mean a “site to site” VPN and yes, the Fortigate can do site to site IPSec, we run it from our FG80D to Amazon web service VPN.

    GL

    IT
    #3
    emnoc
    Expert Member
    • Total Posts : 4988
    • Scores: 306
    • Reward points: 0
    • Joined: 2008/03/20 13:30:33
    • Location: AUSTIN TX AREA
    • Status: offline
    Re: Anybody connect their Fortigate to a VPN service? 2017/11/07 03:47:46 (permalink)
    0
    I have to disagree, he mention the following;
     
     

    such as PIA, NordVPN

     
    These are private internet  anonymous vpn  solution akai  dialup vpn-servers solution. A fortigate is not vpn-client 
     

    PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
    #4
    Ahslan
    New Member
    • Total Posts : 20
    • Scores: 0
    • Reward points: 0
    • Joined: 2016/07/29 07:24:51
    • Status: offline
    Re: Anybody connect their Fortigate to a VPN service? 2017/11/07 13:09:17 (permalink)
    0
    Yeah, was talking about it being a VPN client. Definitely sad to hear :'(
     
    I'm aware of it being able to be used for site to site as I currently already used several fortigates to connect to Azure.
    #5
    Cyrez00
    New Member
    • Total Posts : 1
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/09/13 13:53:21
    • Status: offline
    Re: Anybody connect their Fortigate to a VPN service? 2018/09/13 14:10:38 (permalink)
    0
    Hi Ashlan,
     
    Late reply but maybe you are still looking for it and otherwise i might help someone else with it.
     
    Yes it is possible to use a Fortigate as a VPN client, took me a long while to figure out there i'm relatively new to the Fortigate world but helped my learning curve greatly!
     
    I have it working with NordVPN.
     
    On the website of Nordvpn there is a description on how to setup an L2TP connection initiated from you WAN interface.
    This procedure works but then you will run into speed limitation of the L2TP setup.
     
    What i did is setup the L2TP client according to their instructions but skip the routing part at the end.
    Under routing monitoring you can see that the default route changed to a 10.x.x.x address as next-hop.
    If you do not see the 10.x.x.x address as next-hop you will need to remove a static route (you'll recognise the one if you see it)
    Your traffic is now VPN'ed.
     
    I then changed the Administrative Distance of my normal static default route to 1, this causes your traffic to flow back over your normal internet connection.
     
    I then created a policy based route to direct specific traffic towards the VPN tunnel by specifying the 10.x.x.x address you found earlier under Monitoring -> Routing
     
    I simply created a separate SSID here with its own VLAN and gave that its interface on the FG (DHCP etc.).
    So when i connect to that SSID the traffic will be redirected towards the VPN tunnel.
    We just use it for unlocking the Netflix region filter but the policy based route can of course be tuned to redirect anything you want.
     
    Works like a charm!
     
    If you would like more help on this just reach out.
     
    Regards,
    Cy.
     
     
    #6
    emnoc
    Expert Member
    • Total Posts : 4988
    • Scores: 306
    • Reward points: 0
    • Joined: 2008/03/20 13:30:33
    • Location: AUSTIN TX AREA
    • Status: offline
    Re: Anybody connect their Fortigate to a VPN service? 2018/09/13 20:20:56 (permalink)
    0
    Again, a fortigate can not act like a vpn client . If your referring to  this link
    https://nordvpn.com/tutorials/fortinet-fortigate/l2tp/
     
    Even nord tells you this is NOT a vpn as in your  traffic is not  encrypted. This a L2TP client access which is not a VPN.
     
    https://forum.fortinet.com/tm.aspx?m=98720
     
    post edited by emnoc - 2018/09/13 20:23:00

    PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
    #7
    Jump to:
    © 2018 APG vNext Commercial Version 5.5