I'm setting up a new VPN gateway (Fortigate 200D) that will be serving both Forticlient IPsec and SSL VPN connections from client computers (not point-to-point).
My inclination is to put it behind a separate (already existing) firewall that will perform NAT, ACL, and UTM. (The UTM purpose to inspect traffic directed at the VPN system console, not the tunneled traffic.)
Is there any reason that I should instead expose the VPN gateway's outside interface directly to the Internet, instead of hiding it behind a firewall?
Products Solutions Support Partners Threat Research Contact Us