- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Z3C with 3rd party vendors - IPSec VPN
Hi,
We are in need for a device which will be connected to one of our fortigate in our datacenter via vpn tunnel. We are looking for something flexible and easy to deploy and we set sight to Z3C. Is there any problem with Z3C when it comes to establishing VPN tunnels with fortigate?
BR Nik
Solved! Go to solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think you'll be creating a lot of pain for yourself. These usually sit behind home routers, so you'll probably need to setup port forwards on those ISP devices, and then most ISP connections use dynamic IP addresses - so you'll have to cope with that on your Fortigate.
A much simpler solution would be to also get a little MX67 and run it in VPN concentrator mode, and sit it behind your Foritgate. The Z3s can use AutoVPN to automatically build a VPN to that device. On your Foritgate you would then just add static routes via the MX67 for the remote sites.
https://documentation.meraki.com/MX/Deployment_Guides/VPN_Concentrator_Deployment_Guide
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
as long as the security policies and included subnets match on either end it should work. a google search found a few blogs in which people got it working. some even included screenshots of both the meraki and fortigate configs.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think you'll be creating a lot of pain for yourself. These usually sit behind home routers, so you'll probably need to setup port forwards on those ISP devices, and then most ISP connections use dynamic IP addresses - so you'll have to cope with that on your Fortigate.
A much simpler solution would be to also get a little MX67 and run it in VPN concentrator mode, and sit it behind your Foritgate. The Z3s can use AutoVPN to automatically build a VPN to that device. On your Foritgate you would then just add static routes via the MX67 for the remote sites.
https://documentation.meraki.com/MX/Deployment_Guides/VPN_Concentrator_Deployment_Guide
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks a lot PhilipDAth, I think one-arm vpn concentrator is a solution here as we can standardize this and manage it easier.
