Fortigate SSL-VPN connection

gimmepatiencequickly · June 25, 2013, 8:34am

Hi,

I need to connect to a remote network where a fortigate device is installed.
I would like to use my mikrotik router to connect to the fortigate device using an ssl-vpn connection.
I am not the administrator of the fortigate device, so I will need to get the assistance of the administrator on the remote side to assist

What would I use with the mikrotik router?
What settings would I need to get from the fortigate device to correspond to the mikrotik settings
I tried using SSTP, but I get an error… “terminating… - broken http connection”

0 X  name="SSTP Connection" max-mtu=1500 max-mru=1500 mrru=disabled connect-to=x.x.x.x:10443
      http-proxy=0.0.0.0:443 certificate=none verify-server-certificate=no 
      verify-server-address-from-certificate=yes user="y" password="z" profile=default-encryption 
      keepalive-timeout=60 add-default-route=no dial-on-demand=no authentication=pap,chap,mschap1,mschap2

Any assistance will be much appreciated

Thanks

Boardsurfer · June 26, 2013, 4:05pm

I’m not sure if that’s possible. As far as I know, the SSL VPN service on FortiGate devices is pretty much SSTP, but it’s a proprietary version that is only compatible with FortiNet’s official client software and browser plugin. At least I’ve never seen support for third-party clients mentioned anywhere in the documentation for FortiGate firewalls. My experience with FortiNet products is not that extensive, though, so I might be wrong.

We use a FortiGate firewall with SSL VPN at work, so I can do a little bit of testing and will let you know if I figure out a way to make it work.

Boardsurfer · July 22, 2013, 6:28pm

Any updates on this? I haven’t made any progress on the SSL VPN bit, but I can confirm that IPSec between a FortiGate and a RouterBoard works just fine. I have successfully set up a gateway-to-gateway IPSec VPN connection between our FortiGate at work and my RouterBoard at home. Let me know if you’d like to try that option, and I’ll provide detailed instructions on setting it up.

viviirawati · September 26, 2013, 5:16am

may i have the configuration please.

viviirawati · September 26, 2013, 12:35pm

may i know the detail instruction for configuration of gateway-to-gateway IPSec VPN between fortigate and RB, thanks in advanced

gimmepatiencequickly · October 14, 2013, 12:38pm

Thanks for the info Boardsurfer.

Unfortunately I do not have administrative access to the fortinet server. I have spoken to our client to assist with the setup of the VPN connection.

I would appreciate if you would provide instructions on how to set this up

I was thinking of something like this, but I need the fortinet configuration…
http://wiki.mikrotik.com/wiki/MikroTik_router_to_CISCO_PIX_Firewall_IPSEC

Thank you

letabawireless · August 4, 2016, 7:20am

Hi

Having the same scenario here - any updates ?

carlosfrosario · July 21, 2017, 12:05am

Same issue here, anybody has a solution?

Troz · May 24, 2018, 3:53pm

BUMP

ALSO need this info please any updates ?

anav · May 24, 2018, 4:03pm

Sounds like the need for a WIKI for an IPSEC connection between a mikrotik and a fortinet device.

Extrapolate away…
https://www.draytek.com/.upload/pdffiles/b41bd92397eed6417966c407b9d65847.pdf
https://blog.webernetz.net/ipsec-site-to-site-vpn-fortigate-cisco-router/
https://cloud.google.com/files/CloudVPNGuide-UsingCloudVPNwithFortinetFortiGate300C.pdf

From the NET
QUOTE: " I have set up Fortigate VPNs with Cisco, Watchguard and Sonicwalls in the past without issue. As long as all the settings for Phase 1 and Phase 2 match it should work regardless of vendor." UNQUOTE

evince · May 25, 2018, 9:51am

VPN IPSec between Fortigate and Mikrotik is quite easy. The only need is to match both phase1 and phase2. In fortigate side, you can choose interface mode instead of policy based vpn if you prefer