fortigate

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • fortigate

    I have a Fortigate-60. I want to allow some computers from the WAN to connect by VPN to the Fortigate, directly to a computer in my company.
    How can I do that?

  • #2
    Re: fortigate

    Originally posted by dekel_as
    I have a Fortigate-60. I want to allow some computers from the WAN to connect by VPN to the Fortigate, directly to a computer in my company.
    How can I do that?
    funny, i have a bunch of fortisux equipment. might be able to help ya...

    what release are you running? there is a big diff between the 2.5mr11 and the 3 OS. mine shipped with the 2.5 and it sucked... try to get it upgraded to 3 before doing anything further...

    first step you need is a RADIUS server. once you have that, create a relationship between the fortinet and the RADIUS client. it uses a pre-shared key to connect. you can encrypt the key or send it in plain text... just be sure that both are set to the same, or you'll have some trouble...

    verify by IP or hostname in the security logs that you see the successful authentication on your RADIUS client.

    yea! now you need a WAN connection and an address to connect to...

    if you have a DNS host, create an A record for the VPN address (vpn.mycompany.com) or just use the IP. it doesn't bother me either way.

    create an IP pool for the VPN clients on the Fortisux. i used the 172.20.20.0-200 address scheme for my client assignments 'cause internal is 192, and the company that we share a pipe with is using the 10.0.s

    now on the WAN to DMZ or INT1/2 (whichever you use, i didn't set up yours) create a policy to NAT the 172 (the VPN client) to the internal network.

    on the client computer, create a VPN connection using the wizard... go to the advanced setting and make sure that 'optional encryption' is checked and that MSCHAP v2 is the only protocol (this is assuming that you choose the PPTP protocol) and try to connect.

    does that help any?
    it's easier to beg forgiveness than ask permission.
    Give karma where karma is due...
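
Added example, not part of the thread or any poster's own code: a Python check that a VPN client pool written like the 172.20.20.0-200 range in post #2 does not overlap the networks its traffic will be NATed toward. The 192.168.0.0/16 and 10.0.0.0/16 prefixes are assumptions (the post only says "192" and "10.0"), and `parse_pool` and `pool_conflicts` are hypothetical helper names.

```python
import ipaddress

# Assumed prefixes: the post only says internal is "192" and the shared pipe uses "10.0".
SITE_NETWORKS = {
    "internal": "192.168.0.0/16",
    "shared-pipe": "10.0.0.0/16",
}


def parse_pool(spec):
    """Parse 'a.b.c.d-e' (last-octet shorthand) or 'a.b.c.d-w.x.y.z' into (first, last)."""
    start_s, _, end_s = spec.partition("-")
    start_s, end_s = start_s.strip(), end_s.strip()
    first = ipaddress.IPv4Address(start_s)
    if not end_s:
        last = first                      # single address, no range given
    elif "." in end_s:
        last = ipaddress.IPv4Address(end_s)
    else:
        # Shorthand such as '172.20.20.0-200': only the last octet changes.
        last = ipaddress.IPv4Address(start_s.rsplit(".", 1)[0] + "." + end_s)
    if last < first:
        raise ValueError("pool end %s is below pool start %s" % (last, first))
    return first, last


def pool_conflicts(spec, networks=SITE_NETWORKS):
    """Return the names of the networks that share any address with the pool."""
    first, last = parse_pool(spec)
    # An arbitrary range is not one CIDR block, so split it into the minimal set.
    blocks = list(ipaddress.summarize_address_range(first, last))
    conflicts = []
    for name, cidr in networks.items():
        net = ipaddress.ip_network(cidr)
        if any(block.overlaps(net) for block in blocks):
            conflicts.append(name)
    return conflicts


if __name__ == "__main__":
    # Constructed sample pools: the one from the post, and two that collide.
    for pool in ("172.20.20.0-200", "10.0.5.10-50", "192.168.1.100-192.168.1.150"):
        hits = pool_conflicts(pool)
        print(pool, "->", "conflicts with " + ", ".join(hits) if hits else "no overlap")
```

A pool that overlaps an internal or neighbouring range makes return traffic ambiguous, so run the check again whenever either side's addressing changes.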



    • #3
      Re: fortigate

      MR5 Candidate 2



      • #4
        That's a

        good deal.

        so...


        did it work? are you VPNing all up into your office or what?
        it's easier to beg forgiveness than ask permission.
        Give karma where karma is due...
