Fortinet: IPsec Site-to-Site VPN Setup on FortiGate Firewall

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
in this video we're gonna configure two fortigates with a site-to-site vpn and at the very end of the video we're gonna have a link to a troubleshooting video in case things don't work let's get right into it okay so maybe take a quick screenshot of this page right here just so you have an idea of what the topology looks like the end goal here is we want 192.168.111 network to be able to communicate with the 192.168.112 network and vice versa okay so let's get started on 40 gate number two so first we access vpn ipsec tunnels create new ipsec tunnel and then we'll create custom we'll just name it 240 gate one okay so let's just put in the the address of the remote pier which is going to be 40 gate 1. it's accessible via our wan one interface from this firewall's perspective and then we'll just put in our pre-shared key and then we can leave everything else default we can always tweak as we need in the future here and then we'll create the local address so this is going to be the traffic that we are receiving on this firewall and then the remote subnet that's on the other side on firewall on fortigate1 there we go and we'll step back just one second here and we'll just take a you know double check these phase two selectors so you know the purpose of these phase two selectors is so that the fortigate can say okay this is going to be the local and remote traffic that is allowed based on the ipsec selector it's based on what's allowed and not allowed for ipsec now this doesn't actually modify any any additional routing by default all this is again is is a selector saying what can traverse over this ipsec interface named 240gate1 and what can be received so the next step now would be to actually create the route that i was referring to so we need to create a route to our destination subnet 111.0 and that's going to be via the following interface to fortigate one which we just created a moment ago now the last item here is to create a couple firewall policies so let's start by creating let's just create a policy named vpn1 this policy is going to allow traffic that originates from the internal network on this firewall to be able to communicate to the remote subnet so i've pre-created a couple address objects here you can click create here to do that um but you know in this particular direction this is how we would do it so traffic from the internal network which is the 112 network and that's the the source addresses are allowed to communicate with traffic on the other side of the ipsec tunnel via 240 gate 1 and this would be the remote destination and we'll just say service all for now we'll disable that because we don't need a source nat to be applied and we'll enable that policy okay so again this would be for traffic that is sourced from the internal network on this firewall destined to the vpn interface so we also need to consider the opposite direction so a cool tool that we can use here is we can right click and we can say clone reverse and we'll automatically create the the same policy but in the reverse direction and all we have to do now is just enable that policy so now we're up and running on this firewall so the next step now will be to configure the other firewall with pretty much the exact same configuration but in in reverse so we'll just speed through that quickly here okay so now we are on fortigate1 so now let's configure it all right so now taking a look at our topology let's run a ping from 192.168.112.2 to 192.168.11.5 okay we can see it's successful in one direction now let's try the other direction perfect all right so nine times out of ten it's not going to work the very first time in which case we need to troubleshoot a bit right so you know click on the video link right here and let's go to the troubleshooting video and um yeah thanks for thanks for watching
Info
Channel: ToThePoint Fortinet
Views: 61,447
Rating: undefined out of 5
Keywords: fortigate, fortinet, work from home, work at home, vpn, site to site, fortinet how to, fortigate how to, firewall how to, vpn how to, fortinet tutorial, vpn setup, ipsec setup, ipsec, vpn tutorial, vpn remote work, vpn telework, telework, ttp fortinet, ttp, to the point, to the point fortinet
Id: MHfjI13WiNI
Channel Id: undefined
Length: 4min 59sec (299 seconds)
Published: Sat Jan 29 2022
Related Videos
4 Ways to Backup/Restore FortiGate Configuration
ToThePoint Fortinet
8.5K
Fortinet: Troubleshoot 5 IPSec Site-to-Site VPN Scenarios - FortiGate
ToThePoint Fortinet
28K
Site to Site VPN Configuration on FortiGate | Lab GNS3
KBTrainings
6.3K
VPNs Explained | Site-to-Site + Remote Access
CertBros
781K
FortiGate Site-to-Site IPsec VPN with NAT Device
Verifine Academy
8.8K
FortiGate SDWAN with IPsec VPN
Verifine Academy
9.5K
How to Configure IPsec VPN Remote Access on FortiGate Firewall FortiOS 7
IgoroTech Official
71K
Fortinet: How to Setup SSL/VPN to Remotely Connect to a FortiGate firewall
Firewalls.com
390K
MicroNugget: IPsec Site to Site VPN Tunnels Explained | CBT Nuggets
CBT Nuggets
419K
FortiGate Remote Access VPN Configuration
SinaOnline
19K
DNAT configuration in FortiGate Firewall | Fortinet DNAT
Fresh Developer
4.3K
How to configure VPN Client to Site on FortiGate
NETVN82
71K
FortiGate Site-to-Site IPsec VPN
Verifine Academy
3K
Fortigate Firewall | Fortigate Administration Full Course | 2022
Knowledge Power
51K
Fortinet: How to Setup a Route-Based IPSec VPN Tunnel on a FortiGate Firewall
Firewalls.com
242K
Redington & Fortinet-FortiGate IPsec VPN:Site-to-Site &Client-to-Site Webinar Session-1st April 2020
DigiGlass
18K
FortiGate Site-to-Site IPsec VPN with Overlapping Subnets
Verifine Academy
5.7K
How to configure VPN site to site on Fortigate
NETVN82
33K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.