Fortinet VPN as a basic function of every FG / FWF

Virtual Private Networks (VPN) enable secure, encrypted connections to private company networks and resources. For example, a user can access the central network from his home office or on the road via VPN using an encrypted connection. VPN connections cannot be read or manipulated by unauthorised third parties and access to sensitive information is thus prevented.
Fortinet offers VPN options, both via its FortiGate appliances and via the functionality integrated into the FortiClient. Using two FortiGates (or standards-compliant third parties), many different locations can be securely connected via a VPN in this way.

  • Hub and Spoke for enterprises: Hub-and-spoke VPN configurations allow multiple remote sites to be connected without the need for dedicated connections for each site. An ideal application for this design is to transport VoIP traffic over VPNs to reduce long-distance call charges. Fortinet's bandwidth management features allow VoIP traffic to be prioritised even with a VPN connection.
  • SSL or IPsec?: In recent years, two standards for encrypted connections have become established: IPsec VPNs and SSL VPNs. While IPsec VPNs are primarily used in so-called site-2-site connections and centrally managed mobile terminals, SSL VPNs have established themselves primarily in so-called clientless (e.g. Internet cafĂ©) environments.
  • IPsec VPN: suitable for classic Layer3-based applications in which an encrypted connection is established between two devices. SSL VPN offers advantages in the area of web applications, where a secure (SSL-encrypted) connection is established between the web server and the web browser.
  • Fortinet supports both standards in a highly convenient manner and a variety of options for individual configuration and administration. On FortiGate systems, IPsec and SSL VPN connections can also be used simultaneously.
  • VPN services for MSSPs: With Fortinet, MSSPs can provide a highly secure VPN service by linking the integrated VPN engine with the other UTM modules. This allows incoming and outgoing traffic to be scanned for malware in real time and only then released to prevent the spread of malware within an enterprise VPN.
  • PPTP: The FortiGate is also PPTP-capable, but we do not recommend it because the PPTP connection is unencrypted. Therefore, anyone can read the network traffic.
  • Another plus is that Fortinet's flexible VPN architecture allows interoperability with all standards-based IPSec VPN gateways. Regardless of the VPN device the customer uses, the centrally implemented FortiGate system ensures malware-free VPN traffic.