Fortinet black logo

Handbook

FGCP support for OCVPN

6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:956274
Download PDF

FGCP support for OCVPN

You can set up a One-click VPN (OCVPN) on an FGCP cluster without any special configuration steps. When you add an OCVPN configuration, the FGCP synchronizes the configuration to all of the FortiGates in the cluster. When an OCVPN tunnel comes up between a remote client and the cluster, the OCVPN communicates with the primary FortiGate. The FGCP then synchronizes the VPN sessions to the other FortiGates in the cluster. If a failover occurs, the OCVPN sessions fail over to the new primary FortiGate and the OCVPN sessions continue with only minor interruptions.

A standalone FortiGate OCVPN configuration is not compatible with an FGCP OCVPN configuration. If you set up OCVPN on a stand-alone FortiGate, before you add this stand-alone FortiGate to an FGCP cluster you must disable any OCVPN configurations, set up HA, and then re-create the OCVPN configurations after the cluster is established.

The reverse is also true. If you decide to convert a cluster with an OCVPN configuration to a stand-alone FortiGate, you need to remove the OCVPN configuration, set up the standalone FortiGate and then re-create the OCVPN configuration on the standalone FortiGate.

FGCP support for OCVPN

You can set up a One-click VPN (OCVPN) on an FGCP cluster without any special configuration steps. When you add an OCVPN configuration, the FGCP synchronizes the configuration to all of the FortiGates in the cluster. When an OCVPN tunnel comes up between a remote client and the cluster, the OCVPN communicates with the primary FortiGate. The FGCP then synchronizes the VPN sessions to the other FortiGates in the cluster. If a failover occurs, the OCVPN sessions fail over to the new primary FortiGate and the OCVPN sessions continue with only minor interruptions.

A standalone FortiGate OCVPN configuration is not compatible with an FGCP OCVPN configuration. If you set up OCVPN on a stand-alone FortiGate, before you add this stand-alone FortiGate to an FGCP cluster you must disable any OCVPN configurations, set up HA, and then re-create the OCVPN configurations after the cluster is established.

The reverse is also true. If you decide to convert a cluster with an OCVPN configuration to a stand-alone FortiGate, you need to remove the OCVPN configuration, set up the standalone FortiGate and then re-create the OCVPN configuration on the standalone FortiGate.