Hello,
It's possible to act the mikrotik routerboard as sll vpn client for fortigate? I have several devices should use ssl vpn from fortigate to access internal resource and i think if the ssl client vpn can be handle using mikrotik so all devices no need to use fortigate vpn client again.
Re: Fortigate VPN SSL
I don't know about SSL-VPN but, since both FortiGate and MikroTik support IPSec tunnels, you could try using that if you have the necessary access to the FortiGate device.
--
Backups are your friend. Always make a backup!
Please, export and attach your current config to your post if you want help with a config issue:
--
Backups are your friend. Always make a backup!
/system backup save encryption=aes-sha256 name=MyBackup
Please, export and attach your current config to your post if you want help with a config issue:
RouterOS v6 code
/export hide-sensitive file=MyConfig
RouterOS v7 code
/export file=MyConfig
Re: Fortigate VPN SSL
Interesting to see someone else with a similar problem!
As far as I know, Forti SSL VPN is proprietary (not the "standard" one, if there is such a thing). The term SSL VPN mean "encapsulating the data in a TLS session", but the details are often very different (authentication, etc).
A few years ago I can up with a "solution" to allow several hosts on a site to share a single FortiClient VPN. On the Mikrotik I create a IPIP tunnel to a minimalistic Linux VM, that runs the FortiClient Linux (CLI), acting as a router to pass the packets thru the VPN, that is conneted back to the Mikrotik.
Not a "clean" solution, but allows for a seamless use of the single VPN (when the customer dropped PPTP a few years ago).
Since I've switched to a x86 box (R86S) running ROS7, I've contemplating trying to create a container to host the FortiClient (x86 only), and get rid of the Linux VM. There are still a few details to sort, because NAT needs to be done in the container (that has the VPN interface).
So, at this time running a Linux VM sounds like the only solution. But if you already have VMs, not a bad idea, as the result is seamless (may need some DNS magic too).
As far as I know, Forti SSL VPN is proprietary (not the "standard" one, if there is such a thing). The term SSL VPN mean "encapsulating the data in a TLS session", but the details are often very different (authentication, etc).
A few years ago I can up with a "solution" to allow several hosts on a site to share a single FortiClient VPN. On the Mikrotik I create a IPIP tunnel to a minimalistic Linux VM, that runs the FortiClient Linux (CLI), acting as a router to pass the packets thru the VPN, that is conneted back to the Mikrotik.
Not a "clean" solution, but allows for a seamless use of the single VPN (when the customer dropped PPTP a few years ago).
Since I've switched to a x86 box (R86S) running ROS7, I've contemplating trying to create a container to host the FortiClient (x86 only), and get rid of the Linux VM. There are still a few details to sort, because NAT needs to be done in the container (that has the VPN interface).
So, at this time running a Linux VM sounds like the only solution. But if you already have VMs, not a bad idea, as the result is seamless (may need some DNS magic too).