Hi guys.
I'm kinda new to using FortiGate, I need to establish a VPN tunnel between 2 sides. On one side I have a static IP but on the other side I have a dynamic IP, so I read about using FQDNs. But it's not clear to me; as far as I know I can make the site without a static IP point to a custom DNS name using FortiDDNS, so the other site will point to this and establish the tunnel.
Can someone guide me?
Make it dial-up on the vpn type, then the IP of the other side won’t matter.
You can point one site to the static IP, the other side to the FortiGuard DDNS. It is in the VPN wizard. If you are on an older firmware the point is missing, but you can do it temporarily with the current dynamic IP and convert it to a custom tunnel. Then you can choose dynamic DNS for the remote side.
The easiest way is to use the VPN wizard and set up your site-to-site tunnel with one side having a static IP, and the other using DDNS.
I have lots of tunnels setup this way. (I even have a few tunnels with both sides using DDNS.)
It is a relatively common config, and is addressed by the VPN wizard.
We have the same with one of our customers, we use the Dial-up function in the FortiGate under VPN. Works beautifully!
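A CLI version of the dial-up design suggested in the replies above, added here as an example (it is not any poster's configuration and not wizard output): the side with the static IP accepts the dial-up, the side with the dynamic IP initiates, so no DDNS lookup is in the path. The interface name "wan1", the HQ address 203.0.113.10, the subnets, the peer ID "branch1" and the PSK placeholder are assumptions.

```fortios
# --- HQ side: static public IP (assumed 203.0.113.10), WAN on "wan1" ---
# Dial-up phase1 only answers, so the branch's changing IP never matters;
# peertype one + peerid restricts which IKE identity may dial in.
config vpn ipsec phase1-interface
    edit "branch1-dialup"
        set type dynamic
        set interface "wan1"
        set ike-version 2
        set peertype one
        set peerid "branch1"
        set proposal aes256-sha256
        set dhgrp 14
        set add-route enable
        set psksecret <PSK_PLACEHOLDER>
    next
end
config vpn ipsec phase2-interface
    edit "branch1-dialup-p2"
        set phase1name "branch1-dialup"
        set proposal aes256-sha256
        set dhgrp 14
        set src-subnet 10.1.0.0 255.255.255.0
        set dst-subnet 10.2.0.0 255.255.255.0
    next
end
# --- Branch side: dynamic public IP ---
# Static phase1 aimed at HQ's fixed address; the branch always initiates,
# localid must match HQ's peerid, DPD re-initiates after an address change.
config vpn ipsec phase1-interface
    edit "to-hq"
        set type static
        set interface "wan1"
        set ike-version 2
        set remote-gw 203.0.113.10
        set localid "branch1"
        set proposal aes256-sha256
        set dhgrp 14
        set dpd on-idle
        set psksecret <PSK_PLACEHOLDER>
    next
end
config vpn ipsec phase2-interface
    edit "to-hq-p2"
        set phase1name "to-hq"
        set proposal aes256-sha256
        set dhgrp 14
        set src-subnet 10.2.0.0 255.255.255.0
        set dst-subnet 10.1.0.0 255.255.255.0
        set auto-negotiate enable
    next
end
```

Firewall policies on both sides and, on the branch, a static route for the HQ subnet via the "to-hq" interface still have to be added. The FQDN variant from the thread would instead set `type ddns` with `remotegw-ddns` on the static side, which reintroduces the DNS dependency that takes the tunnel down when the DDNS record stops resolving.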
I would note that FortiGuard DDNS will cause the tunnel to go down when the DNS is no longer working. I have had this happen many times. If possible, I would get a DDNS provider and use a 3rd party tool to make sure the IP is correct.
I’m not a fan of the VPN wizard. It doesn’t use the best proposals or security settings by default, and leaves a bunch of artefacts in the comments for objects it creates, uses default named groups in the policies, etc. which triggers my OCD – you can clean all of this up obviously, but it’s as much, or more work than just doing it manually.
Whenever I start a project for a new customer and see VPN wizard entries everywhere I cringe a little, as it more often than not suggests there are going to be more shortcuts taken elsewhere.
(But yes, it is an easy approach for less advanced users).
All good points.
I don’t use it anymore, either, but it is among the fastest ways to help someone who lacks experience with the config.
I’ve done mine manually for years at this point…