Hello @clfrancisco ,
You can use ddns feature to solve this problem.
https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/685361/ddns
Hi Francisco
Additionally to Atlas' suggestion, you can also set it up as dial-up VPN client. You can use the Wizard to set it up easier.
Unfortunately there still is a bug in the FortiOS IPSec stack with using ddns as remote gw on a vpn.
This does not affect dial up tunnels.
It does affect Site2Site tunnels. S2S will work if both sides are always online so you can allow phase1 auto negotiation to establish the vpn from both sides. Once you disable phase1 auto negotiation on the side that has the ddns as remote gw (because opposite site doesn't have a static wan ip) it will stop working once the remote ip changes because without phase1 autonegotiation the ipsec stack does not update the remote gw on this side.
Also unfortunately with dial up tunnels and redundancy you run into yet annother bug in the routing stack and sdwan that prevents your FGT from detecting the proper tunnel/route.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
User | Count |
---|---|
983 | |
819 | |
446 | |
440 | |
130 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.