Fortinet: IPsec Site-to-Site VPN Setup on FortiGate Firewall

Captions
In this video we're gonna configure two FortiGates with a site-to-site VPN, and at the very end of the video we're gonna have a link to a troubleshooting video in case things don't work. Let's get right into it.

Okay, so maybe take a quick screenshot of this page right here just so you have an idea of what the topology looks like. The end goal here is we want the 192.168.111 network to be able to communicate with the 192.168.112 network and vice versa.

Okay, so let's get started on FortiGate number two. So first we access VPN, IPsec Tunnels, create new IPsec tunnel, and then we'll create custom. We'll just name it "to FortiGate 1". Okay, so let's just put in the address of the remote peer, which is going to be FortiGate 1. It's accessible via our WAN1 interface from this firewall's perspective. And then we'll just put in our pre-shared key, and then we can leave everything else default; we can always tweak as we need in the future here. And then we'll create the local address, so this is going to be the traffic that we are receiving on this firewall, and then the remote subnet that's on the other side, on firewall, on FortiGate 1. There we go.

And we'll step back just one second here and we'll just double check these phase two selectors. So, you know, the purpose of these phase two selectors is so that the FortiGate can say, okay, this is going to be the local and remote traffic that is allowed based on the IPsec selector. It's based on what's allowed and not allowed for IPsec. Now, this doesn't actually modify any additional routing by default. All this is, again, is a selector saying what can traverse over this IPsec interface named "to FortiGate 1" and what can be received.

So the next step now would be to actually create the route that I was referring to. So we need to create a route to our destination subnet 111.0, and that's going to be via the following interface, "to FortiGate 1", which we just created a moment ago.

Now the last item here is to create a couple firewall policies. So let's start by creating, let's just create a policy named vpn1. This policy is going to allow traffic that originates from the internal network on this firewall to be able to communicate to the remote subnet. So I've pre-created a couple address objects here; you can click create here to do that. But, you know, in this particular direction this is how we would do it: traffic from the internal network, which is the 112 network, and that's the source addresses, are allowed to communicate with traffic on the other side of the IPsec tunnel via "to FortiGate 1", and this would be the remote destination. And we'll just say service ALL for now. We'll disable that because we don't need a source NAT to be applied, and we'll enable that policy.

Okay, so again, this would be for traffic that is sourced from the internal network on this firewall destined to the VPN interface. So we also need to consider the opposite direction. So a cool tool that we can use here is we can right click and we can say clone reverse, and we'll automatically create the same policy but in the reverse direction, and all we have to do now is just enable that policy. So now we're up and running on this firewall.

So the next step now will be to configure the other firewall with pretty much the exact same configuration but in reverse, so we'll just speed through that quickly here. Okay, so now we are on FortiGate 1, so now let's configure it.

All right, so now taking a look at our topology, let's run a ping from 192.168.112.2 to 192.168.11.5. Okay, we can see it's successful in one direction. Now let's try the other direction. Perfect.

All right, so nine times out of ten it's not going to work the very first time, in which case we need to troubleshoot a bit, right? So, you know, click on the video link right here and let's go to the troubleshooting video. And, um, yeah, thanks for watching.
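The FortiGate 2 steps from the captions, written as the equivalent FortiOS CLI configuration. This is an added example, not taken from the video; the tunnel name spelling, the port names `wan1` and `internal`, the address object names, the reverse policy name and the peer address 203.0.113.1 (a documentation address) are assumptions, and the pre-shared key is a placeholder.

```fortios
# FortiGate 2: local LAN 192.168.112.0/24, remote LAN 192.168.111.0/24.
# Assumed names; address objects "lan-112" and "remote-111" must already exist.
config vpn ipsec phase1-interface
    edit "to-FortiGate1"
        set interface "wan1"
        set remote-gw 203.0.113.1
        set psksecret <pre-shared-key>
    next
end
config vpn ipsec phase2-interface
    edit "to-FortiGate1"
        set phase1name "to-FortiGate1"
        set src-subnet 192.168.112.0 255.255.255.0
        set dst-subnet 192.168.111.0 255.255.255.0
    next
end
config router static
    edit 0
        set dst 192.168.111.0 255.255.255.0
        set device "to-FortiGate1"
    next
end
# Service ALL matches the video ("for now"); narrow it to the services needed.
config firewall policy
    edit 0
        set name "vpn1"
        set srcintf "internal"
        set dstintf "to-FortiGate1"
        set srcaddr "lan-112"
        set dstaddr "remote-111"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
    next
    edit 0
        set name "vpn1-reverse"
        set srcintf "to-FortiGate1"
        set dstintf "internal"
        set srcaddr "remote-111"
        set dstaddr "lan-112"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
    next
end
```

FortiGate 1 takes the same configuration with the local and remote subnets, the route destination and the peer address swapped; the phase two selectors on the two sides have to mirror each other.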
Info
Channel: ToThePoint Fortinet
Views: 61,447
Keywords: fortigate, fortinet, work from home, work at home, vpn, site to site, fortinet how to, fortigate how to, firewall how to, vpn how to, fortinet tutorial, vpn setup, ipsec setup, ipsec, vpn tutorial, vpn remote work, vpn telework, telework, ttp fortinet, ttp, to the point, to the point fortinet
Id: MHfjI13WiNI
Length: 4min 59sec (299 seconds)
Published: Sat Jan 29 2022