Fortigate connecting to another fortigate VPN?

Hello,

I have bought a Fortigate 50E recently, and I'm trying to build a homelab.

I also have another Fortigate in another country, on which I have set up an SSL VPN.

Maybe I have a lack of knowledge, but I was thinking if it is possible to use that SSL VPN as a WAN 2 connection to my 50E Fortigate.

So I have WAN 1 occupied with my ISP and it is working fine (all traffic is going there), and WAN 2 is a free port. Is there any way by SD-WAN, or any policy, or something else so I can route all the traffic to WAN 2 if I want to?

Thank you :)

A FortiGate as an SSL VPN client was added as a feature in firmware version 7.0: https://docs.fortinet.com/document/fortigate/7.0.0/new-features/508779/fortigate-as-ssl-vpn-client

Firmware version 7.0.x does not exist for the 50E, and therefore a 50E cannot be an SSL VPN client.

It will be an IPsec VPN endpoint though.

> So I have WAN 1 occupied with my ISP and it is working fine (all traffic is going there), and WAN 2 is a free port. Is there any way by SD-WAN, or any policy, or something else so I can route all the traffic to WAN 2 if I want to?

I might be missing something here … but neither SSL VPN nor SD-WAN are magic. You need a second internet connection to connect to wan2 before you can use it for anything.

SD-WAN is irrelevant without the second network connection.

If you have one WAN uplink and one tunnel, all traffic will flow over the physical WAN uplink anyway, so you won’t be getting any bandwidth improvements nor load-balancing/failover resiliency. This setup is only useful if you want your “VPN client FortiGate”'s traffic to appear as if originating from the “VPN server FortiGate”'s public IP to the outside world.

I was going to say IPsec site to site but your post is far from the title. You want dual WAN links with just one ISP. That's magic.

That’s exactly what I want. Not a failover or load balancer. Just all my traffic through the VPN tunnel, even though I will be using WAN 1 (because I don't see any other option to have it as an imaginary WAN 2).
So when I need to, I can use the VPN and have that public IP of my VPN server, and when it is not needed I can go back to my ISP public IP.

Yeah, I was thinking of site-to-site, but I don't know if I can have it like a kill switch. Still working on it…