Setup SSLVPN on fortigate when peplink in front of fortigate

Hi,

Please help me to configure SSL VPN on fortigate, when my Peplink Balance 580 in front of Fortigate,

the condition :

  1. my WAN connect to Peplink then port LAN on Peplink connect to Fortigate
  2. on fortigate i already success create SSL VPN using ip LAN, so only internal LAN kan connect to my SSLVPN fortigate
  3. for external network how to make it connected

please help

Hi deka - welcome to the forum,
You’ll want to forward ports from the WAN of your balance to the WAN of the fortigate. The last time I used a fortigate the default port for SSL VPN was 10443 but it might have changed now.

Navigate to Network > Inbound Access | Port Forwarding. Click ‘Add service’ button then fill it in and choose the WAN connection and public IP you want to use to forward to the fortigate:

1 Like

Minor note: I believe the current default port number for a FortiGate’s WAN interface for SSL-VPN is 443, and for a FortiGate in its fresh out-of-the-box default configuration overall you‘ll see a warning notice in the WAN Interface configuration section saying that this is in conflict with the management/Admin port number.

So you need to either change the management port number or the SSL-VPN port number or (both) ingressing to the WAN interface for the FortiGate to resolve by this default port number conflict.

(Also, a best practice security-wise is to also disable all protocols like https, ping, ssh, etc in the Admin management section on the WAN interface configuration page and only enable any of these protocols like https on a LAN interface only, unless you specifically need to manage the FortiGate through it’s WAN interface/Ethernet port, and you’re okay with the security risks)

https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate
https://docs.fortinet.com/document/fortigate/6.4.0/best-practices