Description |
This article describes that sometimes, firewall administrators may have the requirement of a change in network topology involving removing a WAN interface. This is done from the SSL VPN settings in a site with a multi-interface setup while also configuring DDNS with the same interfaces. |
Scope | Removing an interface from SSL VPN settings without causing an outage. |
Solution |
Example:
config vpn ssl settings ….. config system ddns edit 1 set ddns-server FortiGuardDDNS set ddns-domain <……> set monitor-interface "wan1" “wan2” next end
The interface that is required to be removed from SSL VPN must be removed from the 'monitor-interface' settings under DDNS config first then the interface can be removed from the SSL VPN settings through GUI or CLI with no concerns. If the interface is removed from SSL VPN settings only it may lead to failure to connect any SSL VPN client as it will still be referenced in the DDNS settings especially if SSL VPN clients are using the DDNS hostname to connect to the VPN. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.