fortigate site to site vpn configuration step by step

Captions
Hi everyone, welcome back to my video. In this video we will learn together about hub-and-spoke VPN configuration; we will learn with the FortiGate firewall. Okay, so if you are new here watching my video, please subscribe to my channel, and don't forget to give the thumbs up if you like my video. Okay, so hub-and-spoke VPN is the configuration where we can configure one hub with many, many spokes. For example, you have one HQ office and then you have many branch offices all around the world, so you can configure site-to-site VPN with the different branches with HQ. Between branch and branch you do not need to configure the VPN site to site; it will automatically route using a dynamic routing protocol over the site-to-site VPN, and we call it the Auto Discovery VPN with the hub-and-spoke configuration. Okay, so I think we go to the lab together, and I will explain more on the diagram, and we go straight to the lab on GNS3.
Okay, so this is our GNS3 blank project. Before we start our GNS3 lab, I would like to explain a little bit about our lab diagram here. As you can see, we have the HQ hub here, and we have two sites, site A and site B, as spokes. We will configure ADVPN using the OSPF routing protocol. It means that we need to configure site-to-site VPN between hub and spoke A, and site-to-site VPN between hub and spoke B. After that, spoke A and spoke B will automatically be able to communicate with each other by hub-and-spoke VPN; we call it the ADVPN. So we do not need to configure site-to-site VPN between site A and site B; they will automatically be able to communicate with each other using OSPF routing, and we call it ADVPN. Okay, so for each site in this lab we have two VLANs, so you can configure based on your own network environment; this is just an example of our lab here. Okay, so we go back to our lab, and please give me two minutes; I will draw a network diagram and we continue to our configuration. Thank you.
Now we start with our FortiGate here. We start with our FortiGate and we assign the IP address of our FortiGate. So for this HQ FortiGate, let me one minute, let me add some more information.
Okay, so let's start with our HQ. Before we start, we go back to our diagram here. This is our HQ, and I have some configuration notes here. I have this note: we need to create our interface for our VPN. So before we start, we go back to our FortiGate and we assign the IP address of our WAN here. Okay, so the first login: username admin, without password, and we set a new password, okay, also admin. Okay, so this is our WAN IP. Okay.
Okay, so I start the FortiGate at site A. Okay, so now we have already configured our WAN IP of the FortiGate HQ, so we can access our HQ by web browser, 100 one. Okay, I can say HQ. So now I create a VLAN for our local LAN on HQ. Okay, here, our VLAN. So we go to Network, Interfaces; port1, it will be WAN. Okay, WAN, and then portal, click on OK. 20, and this one will be 20.
Okay, so, well, okay. Okay, so now we have VLAN 10 and VLAN 20, and we want to create a local zone, local LAN. Okay, I want to add VLAN 10 and VLAN 20. Okay.
Okay, so now here we cannot create this VPN using this interface configuration; we need to go back to our command line here and we create it following this step, my note here. Okay, so we can say config vpn ipsec phase1-interface, and then we edit ADVPN hub. Okay. Thank you. Okay, so I think we missed one step here, did the mid time. Okay, so we need to do it again: edit VPN, okay, set type, oh sorry, dynamic. Okay, set interface port1, set peertype any, and then net-device enable, set proposal DES-MD5, DES-SHA1, okay, DPD on-idle, enable, password. Okay.
Okay, so now we have created our phase1 interface for our VPN tunnel; we continue to configure the VPN phase two as well. Yes. So now we have already configured our VPN interface, so we go back to our web browser and we configure our VPN by web browser. Okay, so now we go to, okay, here, our VLAN, and then the WAN port; now we have this interface that we just created at the moment. We click on it and edit. Okay, so we can say ADVPN hub. Okay, and then ping, IP: the IP we can say 10.10.10.254 and 10.10.10.253, okay, 24.
Okay, so we use a 24 subnet for our VPN because you will have many, many spokes, but for this example we have two spokes. Okay, after that we go to our IPsec tunnel here and we edit some settings. This one, this route here, we want to disable the route. Okay, receiver, we disable. Okay, detect, okay. So this one we can edit; you can add more of our encryption here. Okay, you can add the s. Okay, and then, okay.
Okay, so now this one we keep like this, so it will go to any local address and remote address. We do not specify for this lab, but you can specify our local VLAN based on your own configuration of your VLAN address; you can specify it. If we keep it like this, it means that all IP addresses and all destination addresses can communicate with each other after the VPN tunnel is up. Okay, so now we have already created a VPN tunnel on our hub, so we continue to configure our local here, oh sorry, as a trunk port to connect with our firewall, and then we configure our VLAN. Okay, so now we start our PC and test with our client to get an IP address from our firewall, VLAN 10 and VLAN 20. Okay, correct. This one, it will be VLAN 20.
Okay, so now we continue to site A. So site A, it will be, okay, so it will be 102 for the site A. Okay, and the ball VM configuration, and we go to our web browser and we try to log in by web browser. Okay, now here we go. Okay, Facebook. Okay, so now side is 4, this is our HQ hub, and I go to system settings, and then I go to here and I select here, so I want to change this interface to blue so we are not confused with each other. This is HQ; this is site A spoke.
Okay, now we go back to our interface and we edit port1; this will be WAN. Okay. Okay, VLAN 30. Okay, VLAN safety under this Pawn City. Sorry. Okay, this pizza one question two. Okay, and then I want to create one zone for the local VLAN, local LAN. Okay, so now we have already configured our local LAN; now on the WAN port we need to create a VPN interface. Okay, so after that we have the VPN interface and the VPN tunnel here. Okay, so the VPN tunnel, it will be created on the WAN port. Okay, so we go back; this is, I will create our command to create the VPN interface on this.
Okay, now we are on the site A spoke, so we configure VPN phase1 interface; we edit spoke A. Okay, set interface port1, our WAN port, set peertype any, set net-device enable, set proposal DES-MD5, DES-SHA1, okay, and then set DPD on-idle, set auto-discovery, this one it will be a receiver, okay, enable, set remote gateway. Remote gateway is our WAN here, our WAN IP, so our WAN IP. Okay, this is our WAN IP, and then our password, one two three one two three. Okay. Okay.
And then we continue to configure our phase two interface. Okay, edit spoke A, and then we spoke air, set DES-MD5, DES-SHA1, okay, set auto-negotiate enable. Okay, done. So now we go back to our, okay, our site A here. Now we can see our VPN interface here; we select it and edit. Okay, you can say spoke A. Okay, and then IP address, this one I can say, sorry, 10.10.10 dot, we can say one. Okay,
sorry, 10.10.10 done 255. 24; this is our VPN IP on our HQ hub. We go back to our Network, Interfaces. Okay, so here, our VPN interface IP of HQ, so we put this IP, and this is the local IP of this site A. Okay, and then we go to VPN tunnel and then we edit. Thank you.
So we go back to, okay, so now we continue to our switch here on site A. Okay, so now we have configured our switch; we start our client and then we check on our client to get an IP address. Okay, so our client can get an IP address. Now we go back to our firewall. Now we have already created our interface for VPN and the VPN tunnel, but our VPN tunnel is not yet up, so we need to go back to this HQ and go to firewall policy and create some policies for our VPN interface. Okay, this is our local LAN, and then we do not specify any source and destination for this lab, we just select all, but you can specify your own network address here. And for this NAT, we don't do the NAT. Okay.
Okay, so now we need one more policy, oh yeah ow okay and the world is pretty. Okay, with this we have this rule, and then we go back to our site A, the policy as well. Okay. Okay, so now we already have our policy here, so we go back to our VPN tunnel. Okay, so now we can see that our VPN is up. Okay, our VPN is up, and we can see here as well. Okay, so here we can see that we have this IP address that we configured for the VPN. Okay, we go back to our HQ; we also have this VPN tunnel up as well. Okay, okay.
So now if we go back to our client, and here our VLAN 40, VLAN 40 here, let's try to ping to VLAN 10 on, okay, I think we missed one more step. We go to Network, static route. Okay, we need to create our default route to our WAN. Okay, this is a Kevin part and Network. Okay, okay, WAN port. Okay, so now we go back to our, this is, okay, VPN, try again. Sorry everyone, so
actually I forgot one more step. Okay, one more step: we use OSPF routing. Our VPN is up, but we cannot communicate from our site A to the HQ hub because we have not yet configured OSPF routing, so we need to do one more step in order to complete our setup configuration here. So we go to OSPF; router ID, I can say this is our HQ. Okay, area, we can say area zero. Okay, network, we select area zero; our networks, we have 10.10.10.0 24, and then we have the VLAN 10 network, okay, and then we have the VLAN 20 network. Okay, so this is our OSPF; we apply, and then we go back to our site A, Network, OSPF. Okay.
Okay, so now we are done with the OSPF routing. We go back to our firewall and we check our VPN status again. Okay, okay, so now we can see our VLAN 30 and VLAN 40 using the VPN interface. Okay, so for our routing we use the OSPF dynamic routing protocol. Okay, we go back to site A, and then we can see that VLAN 10 and VLAN 20, we can connect to them by the VPN interface using OSPF. Okay, so we go back to our PC1 here; we ping to VLAN 40 at site A. Okay, let's try again. Okay, so now we can communicate with each other, so PC1 to PC4 at this site A. Okay, so now we have already configured our VPN site to site between site A and the HQ hub. One more thing: we need to continue with our site B here. Okay, site B here, we need to do the same as on the site A configuration.
Okay, so let's continue to our site B. We start our console; wait for a moment in order to let our firewall start up. Now our firewall is up. Okay, thank you. Okay, so now, oh sorry everyone, 102 is our, 100 is a, I was like basically everyone around, my mistake. Okay, 103. So we go back to our browser and we log in by web browser, 103. Okay, okay, so this one will be, okay, site B spoke, and then I go to system settings; I want to change the interface look, like, okay, like this, the term. Okay, so this is our spoke A, our spoke B, this is our HQ, if you
have. Okay, so we go back to our Network, Interfaces; port1, it will be the WAN port. Okay, and we have two VLANs as well, 60. 16. Okay. Okay, so now we have the VLANs; we need to create a VPN interface and VPN tunnel on the WAN port. Okay, so we go back to our configuration. So our configuration, spoke B: config vpn ipsec phase1-interface, oh sorry, edit. Okay, we can say spoke B. Okay, yes I want Saturday today. Okay, port here, we go to edit. Okay, spoke B. Okay, and then IP address, it will be, sorry, 10.10.10.2, and this is our VPN hub IP address. Okay.
Okay, so we have here, we go to VPN tunnel. Okay, so this one will be fine, and probably this ball authentication, we add. Okay, and then this one, yeah. Okay, so and then our VPN is not yet up; we need to configure our default route, WAN port; we need to configure our policy: allow HQ, I know EQ, interface spoke B, the color, and source all, destination all, service all, we disable NAT. Okay, and then we need one more; this one will be, oh, okay. Okay, so now we have our policy here. We go back to our VPN; we can see our VPN is up. Okay, now our VPN is up. Okay, so our VPN tunnel is up; we go back to our HQ, our VPN is up. Okay, so we can see that we have these two clients, with an site client, or we can say, well, we can see we have two, okay, these two, site A and site B.
Okay, so now our site A and site B can now communicate with the HQ, but we need to configure our OSPF routing on site B in order to allow our clients to communicate with each other. So currently I need to configure our switch here, one more step. Okay, connected. Okay, so now celebrity. Okay, so now one more step that we need to configure is we go back to our site B and then we go to the OSPF configuration. Okay, we need to configure our OSPF routing; we have a, okay, sorry, 1150 VLAN 16.
Apply. Okay, wait for a moment; our VPN will update the route. Okay, so we go back to our HQ: not yet updating the route, we can see only VLAN 30 and VLAN 40. Okay, okay, okay, so now VLAN 50 and VLAN 60, we can see our VLAN routing using the OSPF protocol by the VPN interface. Okay, we go back to our, okay, we also can see this VLAN using the VPN interface. Okay, so now our site here and our site here can communicate with HQ, but this site A and site B, we can see site A and site B also, but, what we say, we do not need to configure site to site between site A and site B. Okay, and we call it the ADVPN. Okay, this is ADVPN between site A and site B.
Okay, so this is our VLAN 60 on site B. We try to ping VLAN 10 on our HQ here; we can ping. So if we try to ping VLAN 40 on site A, can we ping or not? We cannot ping. So why can we not ping? Because, now we can see that this is our VPN, the VPN is up, and then we can see our network routing, we can see each other, VLAN 40, VLAN 30, VLAN 40, but why can we not ping? Because on our HQ we need one more policy in order to allow the traffic between site A and site B. Okay, so we can say allow ADVPN spoke. Okay, so for this interface we need to select here incoming, outgoing also; we need to do this one because the traffic will be routed from site A to HQ and then from HQ to site B. Okay, here, as you can see, our VPN site to site from spoke A to hub, spoke B to hub, and then between site A and site B it will be ADVPN. Okay, we don't need to configure site to site anymore. Okay, if you have another site or another spoke, you can do that.
Okay, so we go back; we select all, all. Okay, and we go to our client and we try to check. Okay, now we can ping between PC here, PCC on VLAN 60 at site, let me move it a little bit smaller. Okay, okay, so now you can see, I close some, okay, PC one, two, three, four, five, six: PC6 on VLAN 60 at site B, we can ping to VLAN 40.
Okay, can we ping to VLAN 30? Can. How about VLAN set t, we try to ping to VLAN 60? Can. Okay, so this is our site-to-site VPN, and then hub-and-spoke: we have one hub, two spokes here. I think this is all my lab here; we come to the end. If you have any other question, you can comment below my video. Thank you very much, everyone, for watching my video until the end.
Info
Channel: TAN Kirivann
Views: 2,081
Keywords: Tan Kirivann, Kirivann, fortigate, fortinet, fortigate site to site vpn configuration step by step, vpn site to site, fortigate ipsec vpn, advpn fortigate firewall, vpn remote access, how to configure vpn site to site on fortigate firewall, GNS3 VM, Cisco ASA, CCNA Security, IOU cisco image, CISCO Switch, vpn tunneling, vpn ipsec, vpn ssl, cybersecurity, how to configure router on a stick, GNS3, how to configure DHCP Server for vlan, routing, Networking, ccna, cisco, gns3 vm, switching
Id: XOmLAEEkl7g
Length: 58min 52sec (3532 seconds)
Published: Sat Aug 19 2023