Thanks so much. One change I had to make to make remote access work from a remote location was turn on NAT. Coming from a netgear router, Fortinet is significantly more complex. Thanks for these directions. Would be very difficult to do without a video like this.
This was an excellent tutorial! I can't believe I was able to get this to work just by viewing one YouTube video. Thanks for educating me on this. My boss is extremely happy as am I. Great job!
Hope your boss will soon raise your salary.
So far one of the best tutorials I've seen and I'm only halfway through. Great work and appreciate!
This is the best and most comprehensive video to learn SSL-VPN setup
Great tutorial, really appreciate this step by step setup. Great detail and very thorough! Thanks!
very good, thanks. I just got my 30E and will be learning with your videos.
TNice tutorials is so fun editing in it I just saw half of your tutorial and couldn't stop PLAYING WITH ITT dont worry I ca bac k after it
your videos are really good - i'm searching for NSE 4 6.2 training content!
NSE Institute can help you
Thank you for all your efforts.
Thank you very much. You covered all the basics end to end. Very helpful.
Nice video during the current lockdown situation. Honestly, I never really believed in SSL VPN, as IPsec dial-up VPNs were always quicker and more secure overall for me. But that's me. I am sure this video will be super useful for loads, keep it up Mike! 👍
Very helpful! Thank you for this intuitive walkthrough!!
Nice video, i appreciate your efforts. Kindly increase volume in the next videos.
Thanks a lot.... very helpful video
Thank you for sharing
Thank you sir! Very helpful tutorial.
Hi @fortinet guru, thanks for the brilliant explanation. I have a question: at my job we connect through the FortiClient app, which points to an FQDN instead of an IP address, so how is that configured on the FortiGate firewall?
Thanks in advance.
The FQDN is configured in DNS at the registrar level to point to the external IP of the FortiGate. Either that or a CNAME pointing to the dynamic DNS entry provided through a third party.
Well done! We appreciate it!
I appreciate you!
love this fucking channel man keep up the good videos
you da man!
Very very very helpful thank you so much!!!
very nice. Video on always on vpn (rather than auto-connect)? LT2P?
Thank you very much!! regards from VietNam!
On point as always!
Thanks!
This was brilliant and very useful. Thanks a bunch.
Thank you. Very helpful.
Hi, I really enjoyed watching your videos, keep it up (Y)
In the near future we would love to have a video that explains the different subscription options for FortiGate and how to know if it is the right subscription for us. Or whether we need those types of subscriptions in our environment.
If you have time and are available.
Thank you
More power Fortiguru
I just want to say thank you for teaching!
Thank you very much!! regards from Argentina!! 👏🏻👌
You are welcome!
great tutorial man thank you
Awesome job! Thanks. Can you show how to point to a hostname if using dual circuits?
Exactly what I needed. Thanks.
Please put a video on Differences between SSL VPN AND IPsec VPN
Sounds like a plan
@FortinetGuru I'm waiting
Very helpful, thanks man.
It's a great tutorial. By any chance do you have a tutorial on remote access through a specific protocol web portal? Appreciate it.
Adding to the list of videos to make
WONDERFUL, LOT OF LOVE FROM INDIA
Very helpful ... actually I need to configure an FG200E to enable a specific number of remote users to access a server?
Thanks, very useful
Great stuff. Can you make a video on SSL Offloading in Fortigate Firewalls. Thanks in advance.
Hello, Just subscribed.
Can you make a video describing different use cases when to setup SSL-VPN and IPSec VPN.
I will have a video coming out that will dive into the specific use cases I like to use each one for.
@FortinetGuru Thank You for addressing it.
Thank you so much for this :D
good info thank you guru
You are very welcome!
Nice tutorial, Great job
Informative
great video only got 1 problem when I checked for firewall policy there was none!!! HELP!!!
Helpful, appreciated!
my fortigate firewall model is fortinet 100
Hi Sir. Thank you so much for this. You helped me save my job
Thanks Man, I was able to connect but i do not see any of my internal network devices and drives, am I missing something?
Hello , thanks for this info . Can you assist with setting up site to site VPN . Thanks
Keep up the great work!
HiMate
LOVE YOUR VIDEOS.
do you have a video on site to site vpn with overlapping subnet between sites?
Hello, new to the channel. Thanks for your videos. I'm fairly new to FortiGates and wish I found your channel a few months ago :)
For a more in-depth video, you should restrict to geographic region (only allow SSL connections from US)
Is there an easy way to use an AD security group for managing authentication? I did this on WatchGuard firewalls and put a checkbox on a new user setup sheet "does new user get VPN access"; if yes, all I did was add them to the SSL-VPN security group in AD for permission.
Also, would love to see options for using 2FA with LDAP. (Something I'll be considering for some clients of mine.)
Will add to the list! I use FSSO if I want it streamlined. Otherwise an individual group for sslvpn usually suffices. This is a super basic example. Further explanation in other videos will add those caveats.
Fortinet Guru thanks, it's working fine on Windows 10 FortiClient, but no internet on Android and iOS devices
Excellent video!! Is it possible to create a policy for VPN out? I need to access a shared printer on a FortiClient client PC, but I can't access this machine from my office
The world is our oyster on this one. You can provide access from internal to SSLVPN devices. The IPs change enough that behavior may be erratic in some cases though.
Hello, we are new to the Fortigate appliance world and we are now running a 100F at each of our facilities. We have an IPsec tunnel that works fine, and we have SSLVPN set up for both branches, but we cannot get an SSLVPN user to go through the IPsec to access remote branch resources. Do you have a video talking about this configuration?
excellent
Hi, thanks for this video. I tried to follow it, however I am unable to establish a VPN connection. Appreciate any advice on the error I am facing
Hey, great guide. I managed to connect the VPN client on my Wi-Fi LAN, however, when I try to connect to the VPN from a mobile hotspot, it does not connect
Does your hotspot subnet overlap with your local subnet on the other end of the vpn (the branch you are trying to connect to?)
Hello, thanks for your videos. I want to know if this setup will work if my VPN firewall/router WAN connection is using 4G (SIM card), keeping in mind that the ISP provides only private addresses (no real IP address) for devices connecting over 4G
Thanks a lot, very helpful, appreciated
Just curious, for SMBs who don't have static IPs, can this be achieved with dynamic addresses? I had a 300a that I used dyndns to see cameras remotely, but never set up VPN. On the new 300D, those options aren't available in the web GUI anymore, only a Fortinet DNS.
Yes, same question here...but on a 60F.
Hi, nice videos. Can I ask, can you set up an SSL site-to-site VPN? I don't want to use IPsec ... does the FG40 support this type of VPN? Thanks
corrupted mac packet detected
hello dear
I get this error configuring VPN IPsec
any idea why this happens
Hey Mike! Cool videos, been learning a lot. Can you make a video how to setup VPN Clients to authenticate via their G-Suite SAML and as well as 2-step verification e-mail as an OTP receiver.
I have one coming for Azure SAML. Should do a decent job of describing benefits etc. Would need to dive in a little stronger on the G-Suite related items to be able to accurately describe and show.
Hello, great videos, I really like them!
Do you know which version is the most stable right now, for example for the 61F?
We are thinking about going for 6.4.6 but I can't find relevant information on the internet for firmware recommendations...
Hey mate, I am working on 2FA with SSL VPN on FortiGate. I have done this with email and tokens. Do you know if there is a way to achieve third-party 2FA with a FortiGate device, like Microsoft Authentication etc.?
@Adam Back I can confirm, we are doing this exactly. Authenticator App on phone, it works great. Note that if you do this, do not try to test from the GUI. It needs to be done from command line, it is a PAP/CHAP issue, I think from memory that the GUI is PAP only.
Hi Sir,
Thank you for the video. Could we have multiple DNS servers for the VPN users? I see only one option to select one primary DNS and secondary DNS in SSL VPN settings. Is there any other option for VPN users of different portals to have multiple DNS settings?
Hello, I was waiting for your review on the DNS split tunneling option and then you passed it at 17:46, was it intentional? xD I know this feature had bug-related topics
I need clarification. At 15:35 you add 2 subnets. Are these the active local subnets within your domain that the vpn will connect to?
Thanks. Great video!
If you are talking about during the split route area those are the networks you wish to be accessible.
When you use your real PC to connect to the lab, will it loop?
Don't you need deep packet inspection for av and app control on encrypted connections?
how to create VPN for all Network Access ( IT Team ) & How to access specified Network Allow to any user ( Common User )
Hey Fortinet Guru, how do we restrict SSL VPN connections to only company machines?
How about a start-to-finish SSL cert for the FortiGate so I don't have to see the warning in Chrome every time I access the firewall? From generating the CSR, filling out the SSL request, CN, domain etc., then what to import back in. I'm hung up on the issue that I don't understand the CSR asks for a domain name; it's not a domain, it's a router. I access it by xx.xx.xx.xx not myrouter.com.
Hi Gary, I had the same issue and it took me just a couple of clicks to solve it.
First I created a subdomain for VPN (an A record on the public company DNS manager), VPN.MYCOMPANYSITE.COM, which points to my FortiGate public IP address. Make this work first.
Then generate the CSR where the domain name will be VPN.MYCOMPANYSITE.COM.
There are a lot of tutorials on how to generate a CSR and import it, for example: www.ssldragon.com/blog/how-to-install-an-ssl-certificate-on-fortigate/. I bought the cheapest SSL certificate and it works perfectly (just for domain validation). If you want fancy stuff, with SAN or VDOMs ... go with CLI
Really looking to get the SAML auth working on SSL VPN. Even Fortinet support doesn't really know it yet. Has anyone been able to get SAML working with Google or Azure?
Good video thanks - Question do you have any SSL computer certificate authentication videos or guidance
Not yet. Soon
how do you filter what each user can access through the vpn?
Hi I tried this after watching your video.. SSL VPN portal works without any problem.. but forticlient not establishing tunnel connection with remote gateway.. is there anything I need to check specifically??. Fyi, portal is set to full access...
Hello.
The idle timeout for the SSL VPN usually fails. Changing the 300s time also has no effect.
How can this be dealt with?
Bro, how can you set it up so users can log in with their Azure credentials?
Hi... network speed automatically slows down when I log in to SSL VPN. Before logging in to the VPN, speed is good. Please suggest what to do
VPN connects but then how do you remote access the computer at a different site? Tried RDP but kept failing??? I'm so confused on the final step that no one is ever explaining..
can you upload latest firewall 600e with New version 7.0
Is there an option to increase session time on FortiClient? Because the always-up option is not free. It does not seem good to have a VPN that has a session time. For real-life scenarios, that makes a lot of problems.
I was using 80C, 90D. Was told that support for firmware will cease this yr for 80c. maybe next year 90D. which model will you recommend for replacement if these are going to be out of support? Thank you!
SIR CAN WE CREATE A VIDEO IN VPN USER NOT WORKING IN 10 MINUTES AFTER VPN AUTO DISCONNECT POLICY CREATED NOTIFICATION ON MY PC
Hi, thanks for the video. For the remote gateway we need a public IP address, right? Or in order to connect to the FortiGate VPN we need a public IP address?
It can be public or private.. Depends on how your network is connected....
Great
Hello dude, i have one question...i need to connect 300 users via vpn to access my web app, but i have only small Fortinet 60F. Is it possible to use 60F for that number of VPN users (SSL VPN). They will not be concurrent connected to my system, only as needed. Thanks in advance for answer and i have to tell you that your channel is my favorite one.
The concurrent user limit is 200
Ya gonna need a bigger box.
Hi fortinet guru, for a v5.6.1 fortigate host check standalone, does it only check AV and firewall, or other things?
There is no "Firewall" under "Policy & Objects". Did it get moved? Currently running FortiOS 6.0.4(GA)
You know they like to move things around. Making new videos this month and beginning to push them out.
I need to deploy the Forti VPN client to a few hundred laptops via GPO. Previously (v6) i used a Forticonfigurator to create an MST with custom settings i.e. remote gateway address, custom port, etc. The Forticonfigurator only supports up to version 6. Any ideas on how best to customize the installer for newer version?
Good day, I did the configuration and it only gives me access over mobile data; over Wi-Fi I get a DNS error. What causes this error?
I did the same but I did not get my office IP, so I can't access the software
I have a problem with error -12 when the connection reaches 80%. How do I fix it?
Thank you for this video. Does it make sense that my users have to connect after 8 hours of use? Do I need some sort of license to avoid that? Thank you.
8 hours is the time limit you have set for a connection.
Hi @Fortinet Guru, thanks for the video. I tried out the split tunneling, I could connect, but could not pass traffic through to my LAN and I have a policy for my LAN. Kindly help
You literally barely gave any information here. What troubleshooting have you done? If any.