Comments (2)
CledersonE
commented on August 26, 2024
I also tried to use the 443 port for the VPN since the external load balancer protocol is configured only TCP (and not all as UNSPECIFIED), but still not working.
from fortigate-terraform-deploy.
mobilesuitzero
commented on August 26, 2024
Hi @CledersonE
As GCP's External LB traffic won't NAT the traffic to the private ip of the interface (https://172.16.8.3:10443).
In this case, you would probably need to have sslvpn listening on loopback interface and then create vip forward the traffic to the loopback interface.
Can take a look at the following URL.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Unable-to-connect-SSL-VPN-on-Loopback/ta-p/192634
https://community.fortinet.com/t5/FortiGate/Techical-Tip-Access-SSL-VPN-from-Secondary-IP-only/ta-p/248259
https://yurisk.info/2023/03/21/fortigate-vpn-ssl-hardening-guide/#_move_vpn_ssl_listening_interface_to_a_loopback_interface
Otherwise, can just use other ha that doesn't use load balancer setup, and just have public ip associated to the wan interface directly.
Cheers
from fortigate-terraform-deploy.
Related Issues (20)
- Deployment of Azurevwan fails: IPSEC P1 Interface HOT 2
- External LB with Backend Service (GCP) HOT 2
- Issue with deploying ha-3ports configuration on GCP HOT 1
- fix(aws/6.2/ha/variables.tf): syntax error
- Comments have a single slash
- Missing hashmarks in terraform files to comment string
- Variables missing terminating quote
- Invalid quotes around type value
- Grammar fix in Azure README.md HOT 2
- terraform fmt --recursive HOT 1
- terraform fmt - missed some sections of automated formatting. HOT 1
- Inconsistent ip addressing mode for Azure deployments HOT 1
- sdn-connector configuration does not work by default HOT 2
- Public IP for Azure HA setup is not zone redundant HOT 1
- Configuration shows up in user data but doesn't apply to the instance HOT 9
- AWS Key Pair HOT 2
- Multi-AZ with only two firewalls? HOT 2
- Upgrade Fortigate HA Image Strategy (GCP) HOT 3
- Health Check Probe Responders (GCP) HOT 1
- bake-marketplace-agreement-into-iac HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fortigate-terraform-deploy.