SSTP VPN Behind other FW Possible
Posted: Wed Nov 21, 2018 6:43 am
by luddite
Head office FW is a Fortigate.
Branch offices MT.
Have some IPSEC VPNs from MT to Fortigate - stable - but some sites have non-public IP addresses and so want to use SSTP from branch MT to an internal MT behind the Fortigate.
Have tried to forward port 12345 to internal MT port 443 so I can use SSTP VPN but doesn't seem to work - anyone have any tips or comments on that?
Thanks.
Re: SSTP VPN Behind other FW Possible
Posted: Sun Dec 02, 2018 8:24 am
by mickwilli
Can you provide some more details about your configuration? SSTP requires only a port (not specifically port 443) for HTTPS traffic to function, so there's no reason why it shouldn't work behind a FortiGate when correctly configured.
Re: SSTP VPN Behind other FW Possible
Posted: Sun Dec 02, 2018 9:18 pm
by sindy
Other than that, I don't get why the fact that the branch office MT doesn't have a public IP address should prevent it from establishing an IPsec connection to a Fortigate sitting on a fixed public IP. Is that a company security policy that Fortigate's IPsec won't be used to support road warrior connections? How come the very same security policy doesn't prevent you from using another VPN to do the same (accept road warrior connections)?
Re: SSTP VPN Behind other FW Possible [SOLVED]
Posted: Fri Feb 08, 2019 1:59 pm
by luddite
(thanks for replies, this has surfaced again as an issue)
This particular branch office was a public IP but due to poor 4G reception with our usual carrier we had to go with one which gives us a private NAT'ed IP - can't get IPsec working with one of those.
Hence wanting to punch through the Fortigate (not on 443 'cause that is used for other services) with SSTP.
Edit.
Got it working - was due to a forwarding issue with how I did it in Fortigate.