Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
rsondal
Staff
Staff

Created on ‎09-05-2023 08:37 AM Edited on ‎09-07-2023 12:57 AM By Moderator

Article Id 272076

Technical Tip: SSL VPN behind NAT

Description This article discusses SSL VPN in NAT mode.
Scope FortiGate.
Solution
  1. There will be a private IP on the WAN interface of FortiGate from the ISP.

 

image1.JPG

 

  1. It is possible to see the same IP on the SSL VPN setting when the WAN interface is chosen as the listening interface.

 

image2.JPG

 

  1. Login to the ISP router with the default gateway IP on the FortiGate WAN interface, then make the port forwarding rule for the SSL VPN port and point it to the FortiGate WAN interface IP.

 image3.JPG

 

  1. Then on FortiClient use the public IP and port number of SSL VPN it will work just fine. If not sure where to get public IP, see the status under the dashboard of the FortiGate, and on system information, the WAN IP will be visible as public IP see the second screenshot.

image4.JPG

 

image5.JPG

 

Or get the WAN IP from the CLI command below:

 

diagnose sys waninfo

Public/WAN IP: ...

...

 

 

2541
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.