So I have a couple of Fortigate 50Bs located at work: one for our production system (which I still mess with) and one on our testing side (which I stuff up 'cause I can). I have a requirement to get PPTP going through these boxes to whatever network is behind them.
So I set up both Fortigates exactly the same; the only difference between the two is that one has a Cisco Linksys ADSL router attached and the other one has a DLINK DSL-526b attached to it.
We generally set up our ADSL routers (Fortigate haven't got an ADSL model out yet, but the 60cx is coming soon) with all ports forwarding to the Fortigates and let the Fortigates manage the traffic.
So I set up both ADSL routers to forward all ports (1-65535) to the respective WAN IP addresses of the Fortigate units.
Next, the test. First I connected to our production system with the Linksys and the 50B. MAGIC, it connected and I can get to our production network.
Next I connected to our test system: Verifying Username and Password....................................... Oh dear.
Nothing!! Oh wait, let me check the specs on the DSL-526b ...... it says PPTP IPSEC passthrough ...... zzZzzzZZz what the hell is going on.
Maybe it's a config problem on the Fortigate!!! Did a backup of the config and restored it to the test system FG50B and changed IP addresses to suit; still no connection.
Also tried swapping routers... nope, the problem followed our DLINK router. Oh dear, have DLINK shit on me again?!??!?!?!
Well no, they didn't, yet they didn't seem to make it obvious either that (and here's the solution to the problem):
If you want VPN Pass Through to work on a DLINK DSL-526b you MUST add PPTP as a forwarded port and not rely on just forwarding all ports.
That is a bit shit since Linksys for only a few dollars more will forward PPTP with no problem.
So let this be a lesson to you all: if you are going to set up an ADSL router in front of a firewall then pass the specific ports, especially if it's a $78 DLINK ADSL router, tehehe.
-Fr33ze