Fortinet | IPsec Site-to-Site VPN Setup on FortiGate Firewall | DAY 18 | Fortinet NSE4 Training

Captions
Hello friends, welcome to my channel. Today is day 18 of our FortiGate firewall series. So in this video we are going to understand how to configure site-to-site VPN in FortiGate firewall. Okay, so in this video I am going to cover what is site-to-site VPN; with the scenario I'll be explaining what is site-to-site VPN, and step by step I'll be configuring VPN in FortiGate firewall, and I'll be explaining each of the steps, why we are doing that particular step. So it will be a detailed video for the practical of site-to-site VPN between two FortiGate devices, right. If you guys want, like, FortiGate to Cisco or FortiGate to Palo Alto or something like that, you can request in the comment section of the video; I will make a new video for that specific scenario.

And also I'll highly recommend you to please watch this video till the end, so that it will be easier when you are establishing a site-to-site VPN. It is a very kind of a daily task that you guys will be getting in case you are working with some kind of vendor company where the service will be provided to your customer: troubleshooting, configuration, everything you will be getting for site-to-site VPN. So I'll highly recommend you to watch this video till the end so that you can understand and you can apply it to your day-to-day activity. And also I'll request you to please subscribe to my channel and hit the bell icon so that you never miss a video from me. So without any further delay, let's get started.

So friends, before we start and understand site-to-site VPN, I'll highly recommend you to please watch the day 17 video, because I have explained encryption, decryption, what are the algorithms that work with site-to-site VPN; everything I have explained in a very detailed manner. Okay, so maybe what I can do is I can link that video in the i button; you can click it and you will get that particular video, or else you can find that particular video in the description box as well. Okay, so please check it out and then you come to this video.
Okay, so let's get started from here. Okay, so site-to-site VPN: as the name suggests, we are connecting one site to another site. Okay, with the help of this diagram we'll try to understand. Okay, so now we have one headquarter and we have one branch. Now we want to connect the internal network of headquarter to the branch internal network; this is the connectivity that we want to do. Now it will go through the FortiGate firewall. Okay, now as this is internet, internet is having a lot of bad as well as good things that is happening, but when we want to send sensitive data or some kind of private conversation that we want to do for the organization purpose, in that case security is a must. So for that reason we will be encrypting that particular traffic inside the VPN tunnel, so that whatever you are talking on this tunnel, nobody can see on internet, basically.

Okay, so site-to-site VPN is basically: I am connecting one site to basically another site. So maybe your site is in the US, okay, and this site is in India, something like that. Okay, so basically site-to-site is nothing but one subnet to another subnet, okay, one branch to another branch or headquarter or anything, whatever comes in your mind; basically one office to another office, something like that. Okay, now we'll go to the topology and will try to understand the topology, and we'll do a practical with very, very detailed steps. Okay, there are a few other methods, not few, only two methods that way is possible: one is manual, one is basically a template which is already created for VPN, which I will be explaining during the practical of site-to-site VPN. Okay, so let's move on to the practical, and then we can get started with the device configuration.

So friends, let's move on to the lab now. So this is our topology, and let me explain you about the topology first. So this is site 1 and this is site 2. Okay, now we have one FortiGate over here, one FortiGate here. Now this FortiGate will be managed through port 1. Okay, so here you are seeing port 1
and here also we have port 1, which is basically going to the switch, and the switch is connected to our local PC, so we will be managing through port 1. Okay, now port 3 is dedicated for our inside network, okay, and port 2 is connected to internet, basically. Okay, now our target is to connect the 10.1.1.0 network to 20.1.1.0. So this is our target; this is what we want to achieve on our lab. So we will be configuring site-to-site VPN onto these FortiGate firewall gateways, and we'll see whether the traffic between these two firewalls is getting encrypted with the help of our configuration or not. So this is our target. So let's move on to the console of FortiGate and we'll do the configuration.

So friends, this is the dashboard of the FortiGate firewall. So first of all, we have done our initial configuration, so we have done the IP addressing for management, for the outside interface and for the inside interface. So the configuration has already been done from the IP point of view. Okay, so this is the site 2 firewall; we have to go to the site 1 firewall. Okay, and we have already configured the IP addresses. So now the first thing that we are going to do is we have to configure the tunnels. Okay, so for that reason we'll go to the VPN first and we'll go to the VPN tunnel. Okay, now we are going to create a VPN tunnel.

Okay, now we have a few options over here; there are two ways we can do it. Okay, one is basically a template type. Okay, so site-to-site VPN, it has already been, like, if you choose this, basically this is the very simple way to configure VPN, like related to static route or, I can say, the policies; basically it will create all the things for you, okay, and your algorithm, everything will be chosen by FortiGate itself. So it is very simple; everything is basically automated. Okay, now once you choose Custom: custom meaning that if you have a Palo Alto device, or let's say if you want to set your parameters, in that case you can go for custom, okay, something like that. Okay, even for Cisco as well we
have some template in FortiGate firewall. Okay, so let's move on to the custom, because we need to understand the steps; that is the reason. So this is site 1; we'll just type it like this as the name, and we'll go to custom and we'll go next. Okay, now in site 1 we can put any comment if you want. Okay, now here we have some IPv4 address; one is static IP address. So static IP address meaning that you have to define the IP address of the public IP of the other site's FortiGate, so we are just going to define that. So 200.1.1.2, right. Now, from which interface will this be reachable? Okay, so port number 3, right, or it's port number 2, sorry.

Okay, now if you want to enable the NAT-T, I have not covered it now, so we'll disable it for now. Okay, we'll do it when we go through that particular session. Okay, now pre-shared key: I'll just define a pre-shared key, basically. Okay, now we have IKE version 1 or 2; we are using IKE version 1 right now. Okay, now for phase 1, what would be my authentication or encryption? So this is this, this is this. Okay, this is the only option that we are going to get, because we don't have a proper license; that is the reason it is not allowing me to choose a higher version of encryption algorithm right now. Okay, so by default it has chosen the SHA-256. Now this is the DH group value, 5 and 12, sorry, 14, so I'm just choosing 5. This is the key lifetime value, okay, which is there. Now I'm not going to do any extra, because XAuth is required when we are doing remote VPN or something, but right now it is not there, so we are leaving it just like that.

Okay, now we are moving further, and in phase 2 the only thing that we need to define is, we just need to define the local subnet. So for us, for site 1, the local subnet is 10 dot, okay, so this is 10.1.1.0/24. Okay, now if I go and do here, this is the remote subnet for our site 2, right. And if you have any other parameters that need to be added, you can go to Advanced and you can enable all these options, okay,
right now I'm just leaving it as its defaults. Okay, and everything we have already configured, so remote IP address, aggressive mode not main mode, version 1, encryption, DH values, remote and everything we have selected; we just need to click OK. Okay, I guess we have to choose another proposal as well. Oh no, I have to delete all this; let me delete all this, and we'll just choose this and we'll click OK. So our site-to-site VPN tunnel is ready. Now we have to define a static route and we need to define one policy. Okay, let's go and do it.

So friends, now we'll go to the network and we'll go to the static routes and we'll define a route. Okay, so which route do we need to define to reach 20, how are we gonna reach it? So we'll define it like this: so 20.1.1.0/24, right. So we want to reach over here, and how can we reach it? We just need to define the VPN; that's all we have to do. Okay, click OK, and the route is already created. Now we don't need any other routes.

We'll go to the policy and we'll configure a policy. Okay, now the policy would be something; we have to create a two-way policy, basically. So one is going from site 1 to site 2 and one is site 1 to site 2, something like this. So we'll create a new policy, name it as VPN 1. Okay, now incoming would be port 3, I guess, where the traffic will be coming from port 3, and it will be going to port 2.
Right, and the source would be, I am just defining it as all, because I have not created the object, so I'm just defining all, all. Okay, everything is done. Right now that is not required over here; click OK. Okay, service will be all, fine, and we'll click OK. And one we have to create from port 2 to port 1, because the traffic has to be coming from the other side. So VPN 2, that is for return traffic, so it is coming from port 2 to port 3. Okay, all, all, and service is all, and we don't require any NAT. Okay, so the other side, the other way around, right. So all these things will be from port 2 to port 3 and port 3 to port 2, so going from port 3 to port 2 and port 2 to port 3.

Now we are going to perform the same configuration on this one. Now here we are going to choose the easier way, so that both the ways we will be able to cover in a single video. Okay, so now we will go to VPN, we'll go to tunnels. Okay, now we'll create a VPN tunnel. Now we'll just name it as site 2. Okay, now I'll be choosing site-to-site VPN. There is no NAT between the two firewalls; if it is NAT, then NAT enable will be there. So for this scenario we don't have any NAT device in between, so we'll just choose that. We'll go next, and we just need to type the remote gateway, which is 10.1.1.1, which is reachable via port 2, and we just need to define the pre-shared key. Okay, next. Now our local interface will be port 3. Now it has already chosen the subnet; okay, I guess we don't need it. Now we have to define the remote subnet, so 10.1.1.0/24. Fine, next, created.

Now the configuration is created. If you go to the static routes, the static route has been created. If you go to the policy, in the policy, I guess firewall policy, now from port 3 to site 2 and site 2 two sides here, so it has already been created right now. Okay, so it properly creates an object, and everything will be done from this side, so you don't need to do anything; it automatically creates the static route and the policy. So it will be easier for you if you have
the template, or if you are connecting one FortiGate firewall to another FortiGate firewall, so it is very much easier for you to do it. Okay, now we'll go to this PC and we'll test the connection.

Okay, so now friends, we'll go to the test machine and we'll try to initiate a test. Okay, so basically we'll try to ping the other IP address; the PC's IP address, we'll try to ping it. So we'll check what is the IP address of this PC, so ipconfig, if this is not visible for you guys. So this is 20.1.1.1, right. So we'll close this off and we'll enlarge this, and we'll try to ping 20.1.1.1. Okay, now see whether it's pinging or not. So first, and after that, we can see the request reply that is coming in, so we have connectivity. Now we'll go to the firewall, and in the dashboard we have to go to the network, and we can see it is green now, and we can see incoming data, outgoing data. So basically we have a tunnel that is built, and if we go to the other one, go to the dashboard, Network, we see that the data is basically incoming and outgoing.

Okay, now if you guys want some kind of packet capture, so basically what I'm trying to say is like directly in that to you, so let's say if you want to do some kind of packet capture on this and this, a packet capture, if you want to read the Wireshark capture, let me know in the comments; I will try to create a new video for you guys. Okay, the more the comments, the more the chances will be for that particular video. I'll request you to please subscribe to my channel and hit the bell icon so that you never miss a video from me. If you have any suggestion related to my video, please put it in the comments or send me an email, or a Facebook or Instagram message, whatever you want to do. Thank you so much for watching, I'll see you in the next
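
The walkthrough builds site 1 with the custom option and site 2 with the wizard template, so the two ends have to be checked against each other. The following is an added example, not part of the video or of any Fortinet tooling: a simplified Python model of what both ends must agree on. The `Site` class and `mismatches` function are hypothetical names, and site 1's WAN address, the key and the proposal names are constructed placeholders.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Site:
    name: str
    wan_ip: str           # public address of this firewall
    remote_gw: str        # peer address typed into the tunnel
    ike_version: int
    psk: str
    proposals: frozenset  # phase 1 encryption-hash pairs offered
    dh_groups: frozenset
    local_subnet: str     # phase 2 selectors
    remote_subnet: str

def mismatches(a: Site, b: Site) -> list:
    """Return the reasons the tunnel between a and b cannot come up."""
    problems = []
    for x, y in ((a, b), (b, a)):
        if ip_address(x.remote_gw) != ip_address(y.wan_ip):
            problems.append(f"{x.name}: remote gateway {x.remote_gw} "
                            f"is not {y.name}'s WAN address {y.wan_ip}")
        if ip_network(x.local_subnet) != ip_network(y.remote_subnet):
            problems.append(f"{x.name}: local subnet {x.local_subnet} is not "
                            f"{y.name}'s remote subnet {y.remote_subnet}")
    if a.ike_version != b.ike_version:
        problems.append("IKE version differs")
    if a.psk != b.psk:
        problems.append("pre-shared key differs")
    if not a.proposals & b.proposals:
        problems.append("no common phase 1 proposal")
    if not a.dh_groups & b.dh_groups:
        problems.append("no common DH group")
    return problems

# Constructed sample data. The subnets, 200.1.1.2, IKE version 1 and DH group 5
# follow the walkthrough; site 1's WAN address (198.51.100.1), the key and the
# proposal names are placeholders, as is what the template offers on site 2.
SITE1 = Site("site1", "198.51.100.1", "200.1.1.2", 1, "example-psk",
             frozenset({"aes128-sha256"}), frozenset({5}),
             "10.1.1.0/24", "20.1.1.0/24")
SITE2 = Site("site2", "200.1.1.2", "198.51.100.1", 1, "example-psk",
             frozenset({"aes128-sha256", "aes256-sha256"}), frozenset({5, 14}),
             "20.1.1.0/24", "10.1.1.0/24")
SITE2_NO_DH5 = replace(SITE2, dh_groups=frozenset({14}))
SITE2_BAD_SELECTOR = replace(SITE2, remote_subnet="10.1.0.0/24")
```

An empty list from `mismatches(SITE1, SITE2)` means the modelled settings agree; real IKE negotiation checks more than this model does.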
Info
Channel: Bikash's Tech
Views: 15,401
Keywords: fortigate basic configuration, fortinet, training, fortinet firewall, fortigate firewall training, fortinet firewall tutorial, fortigate installation, fortigate firewall configuration step by step, firewall policy, fortigate how to, configuration how to, palo alto, bikash tech, NSE4 Training, FORTINET TRAINING, Fortinet, Fortigate firewall, Fortigate VPN, phase 1, phase 2, Main mode, fundamental of vpn, Fortinet: IPsec Site-to-Site VPN Setup on FortiGate Firewall
Id: 3JEp6JTJXI8
Length: 19min 10sec (1150 seconds)
Published: Tue Jun 20 2023