FortiWalkthrough - IKEv2 Native VPN Clients with Certificates and FortiGate

No video

FortiWalkthrough - IKEv2 Native VPN Clients with Certificates and FortiGate

Рет қаралды 11,252

FortiQC

Күн бұрын

Пікірлер: 18

@TomWhi 3 жыл бұрын

This is the best video I’ve seen on the topic! I wish KZbin had brought me here a lot sooner because I’ve been through real pain trying to setup VPN on my own. I am going to set this up in a lab though, your walkthrough on certificates and NPS were also really helpful. Cheers!

@PePFuLLy Жыл бұрын

Excelent video, thansk for making it. Quick comment in regards to splitting traffic on MacOS. I did sort it out by forgetting the split tunnel check box and setting phase2 selectors as type name and use group of src and dst addresses.

@lloydsmart1 3 жыл бұрын

Nice video! This is almost exactly what I'm looking to do with Windows AlwaysOn VPN. Couldn't find any other documentation about setting it up with FortiGate so thanks a bunch for this - will be very helpful!

@NicholasRichardson 3 жыл бұрын

Ditto - did you get Always On working?

@lloydsmart1 3 жыл бұрын

@@NicholasRichardson Got the user tunnel working, but device tunnel had to be passed through to a RAS server, as I couldn't find a way to do machine certificate-based authentication on the FortiGate. (Not RADIUS-based, just "accept anyone with a machine cert from this CA"). Also, Windows doesn't natively support any kind of Peer ID (that I can find), so I had to put these on separate IPs, i.e. vpn.mycompany.com for user tunnel and devicetunnel.mycompany.com for device tunnel. It's not as neat as I'd like, but it works.

@rorytoop5698 3 жыл бұрын

@@lloydsmart1 Helpful info. I'm playing around with my FG to use for AOVPN as well but I really want a device tunnel with machine cert so I'm also just setting up a RAS server. If you need to use it for thing why not just use it for both? Resource management? In my case its a small organization with limited people connecting so its probably a non issue. Would have been nice to use the FG since it works so well otherwise.

@thelachlan4843 2 жыл бұрын

@@lloydsmart1 I found a way to perform machine based authentication on the FortiGate using the native windows client to connect. The only problem I have is that some machines present the incorrect certificate to authenticate with upon connecting and cant work out why. So far I cant see any difference between the machines that work and the ones that don't, driving me crazy...

@lloydsmart1 2 жыл бұрын

@@thelachlan4843 Wow great progress! How did you do it?

@vicmaxabc 2 жыл бұрын

Thank you! Amazing video!

@abubruno 2 жыл бұрын

What a great lesson!

@fortiqc144 4 жыл бұрын

3:23: The "certificanation" authority... you see, I am Canadian, and therefore we have "certifiCANation" :) I've updated the links on this video to include various Fortinet public documentation references related to this walkthrough. I also published the configuration I used on pastebin - you would want to adapt that to your peculiar setup.