Fortinet | Site-to-Site VPN FortiGate and Palo alto Firewall | DAY 19 | Fortinet NSE4 Training

Captions
Hello friends, welcome to my channel. Today is day 19 of our FortiGate firewall series. In this video we are going to understand how we are going to build a VPN between a FortiGate firewall and a Palo Alto firewall, okay? I have covered FortiGate firewall to FortiGate firewall in my previous video; if you have not seen it, I'll recommend you to see that, and I'll also recommend you to please watch the basics of VPN video so that you can understand how site-to-site VPN works exactly. For your convenience, what I can do is put the link to that particular video in the i button, or you can find it in the description box of that video, okay?

So in this video I'll be covering the practical part, the step-by-step configuration of site-to-site VPN between a FortiGate firewall and a Palo Alto firewall, because nowadays, if you are working for an organization, you will not be finding a single type of vendor firewall; you will be having multiple vendors of firewalls, like FortiGate, Palo Alto, Cisco or Check Point or any other devices. So in this video I'll be covering it step by step, so that whenever you get a chance to configure a FortiGate with, uh, a Palo Alto firewall, if you want to build a VPN, what are the configurations that you have to put in the FortiGate or Palo Alto firewall; even if you want to troubleshoot, what are the things that you need to go ahead and troubleshoot, okay? And if you watch this video it will be helpful for your real-time scenario troubleshooting, as well as if you are designing something for your customer, or let's say if you have got a task to set up a VPN tunnel, it will be really, really helpful for you, okay? So it is for all: for troubleshooting, for design perspective and from solution architect Wireless perspective as well. So I'll highly recommend you to watch this video till the end. Also I'll request you to please subscribe to my channel and hit the bell icon so that you never miss a video from me. So without any further delay, let's get started.

So guys, let's move on to the practical, and we'll start the practical. This is our topology, okay? So we'll try to understand. This is our ISP, okay? This is our site one, where we have placed the FortiGate, and this is our subnet, okay? For this one, port 3 is connected to inside and port 2 is connected to outside. And this is our site two, where we have placed the Palo Alto, okay? Ethernet 1/1 is connected to inside, which has the subnet, and ethernet 1/2 is connected to outside, which has this subnet, okay? And for FortiGate, the site one, this is the subnet. The FortiGate as well as the Palo Alto is connected to this management switch, and it is controlled by the local PC; I'll be able to access it, okay? So this is all about the topology. Let's log in to the FortiGate firewall and Palo Alto firewall and we'll start configuring the site-to-site VPN, okay?

So guys, before we start configuring the FortiGate or Palo Alto firewall for VPN, let me tell you that we have already configured the IP addressing part, so we have already completed that, okay? And let me show you guys that I have already configured the interfaces, so you can see the management IP address, the outside, the inside; all these things I have configured. So let's move on and configure the VPN part, okay?

So friends, to configure VPN you have to go to the VPN section and we have to go to VPN tunnels, okay? And we are going to create a VPN tunnel, right? So here we have something called remote device: FortiGate or Cisco. So this is already a kind of automated for the configuration, but if you are building a configuration with some other device, in that case that template is not available; you have to go for custom, okay? So here I am just putting site one to site two, right, next. Now here I have to enter this configuration manually, which we are going to do. So here we have to put the peer IP address. Let me show you the peer IP address: this is the local and this is the peer IP address that we are going to configure over here, okay? So let me give the IP address, so 200, so it is 200 1.1.1.10, right? And this has to be reachable via port 2, right? This is what it is, so port 2, it should be reachable from there, okay?

Now local gateway, we are not going to specify, because it takes from that particular port itself, okay? Now NAT traversal, it is not required, so I'm just disabling it. Dead peer detection, on demand it is, so we will see later; it is not a necessary thing. Now here there are a few things which can be added automatically, okay? So adding route, it will add automatically, so you don't need to add it. These all are basically disabled because this is not optimized; that is the reason, the template was for Cisco and for FortiGate, it is not for, okay? So we are not going to do anything; we just need to add the routes, that's all we need, okay?

Now here we have a method, the authentication method, so there is signature and there is pre-shared key. We don't have any certificate right now, so we'll go for pre-shared key. So we'll just put a password over here, and here we have to choose the version, so IKE version 1 or IKE version 2. We are going to choose IKE version 1 and the mode is main mode; we are not going to specify any other, like not aggressive mode. So here we are going to specify the encryption and SHA. It is not a licensed one, that is the reason it is not showing all the algorithms, otherwise it will show you. And Diffie-Hellman is 14 and 5, whatever I wanted to choose, so I'll just go and choose 5 and 14 both, okay? Here we don't need to specify anything, local ID, okay.

Here this is needed: we need to specify the IP addresses, the local and the remote. So what is the local? Local will be 10.1.1.0 and the remote will be 20.1.1.0, so we'll just specify that. So empty, so local will be 10.1.1.0/24, okay? And if I talk about the remote one, it is 103.0 Dot 1.1.0, okay? Now here, if you have any choices, you can enable the DES, and we are choosing SHA-1, that's all. If I want to enable the PFS, we just need to enable the PFS and we are good. So we are basically enabling the PFS 14 and 15, otherwise we can disable this, okay? So we'll just disable it for now and we'll click OK. So I'll just go; it is not taking the SHA-1, so we'll go for SHA-256. So we'll verify once: remote gateway, it is going to port 2, and all the things are good. So the same policy I have to configure at Palo Alto as well, so let me configure the same on Palo Alto.

And one last thing that we need to verify: we have to verify the routing as well. As you can see, I have only one route, which is given to reach the peer IP address. So if I want to reach this, basically I have given that route, so 201, to reach this I have given the route. So I'll just create a route, if I want to reach 1.1 dot 2 dot, not, 20 dot, so it is 20.1.1.0/24. Now gateway, we are not going to choose any gateway; it will go via the site-to-site tunnel, right? Because now it will go through the tunnel, that is the reason we have given the tunnel interface. So this is created just now, we have created site one to site two; it will go through that particular tunnel, so we have just chosen that. So we are good with the routing part.

Let's move on and check the policy, whether we have a policy or not, and we have to create a policy, okay? Basically two policies, because we want to initiate the traffic from here to here and here to here, both the sites, so we need two policies. So one is for VPN out, okay? So incoming will be from port 3 to site two, source will be any, destination will be any, and accepted. We don't need to do that, we are good, okay? Services will be all, okay, good. Now we have to create one more policy, so we'll just name it as VPN in, okay? So the traffic will be coming from the VPN tunnel and it will go to port 3; it will be all, this will be all, this will be all, so I'm just accepting all those parameters, that's all. And this way we are done with the policy, with the routes, with the VPN configuration, so we are basically done with the configuration in FortiGate.

Now we'll go to the Palo Alto and we'll start configuring it. I have already configured the IP addresses, the zone information, so all those things are already configured; the only thing that we have to configure is the site-to-site VPN. So we will go to the Network part, then we'll go to the IKE Crypto. If you have not seen my Palo Alto site-to-site VPN video, you can find that particular video in the i button; you can click and you can go and see the detail about the Palo Alto VPN. Now here we need to configure the site-to-site VPN and we need to match the policy, so for that I'll just go and check what is the algorithm it is using, so DES and SHA-256. So I'll create a policy, I'll name it as FortiGate, okay? Now encryption is this, and authentication is SHA-256, and the DH value is 14. I'll just set this up, or maybe I'll put it as 5, okay, and we are good.

Now let's move on to IPsec. I'll just type it as FortiGate, and here what would be my, okay, phase 2, where is that, Advanced, so here DES and SHA-1. So this will be DES and this will be SHA-1, where is the seven, okay. And here I have disabled the PFS, so I am not going to enable PFS; no PFS, so I'm good with this, fine. So we are done with the phase one policy and the phase two policy.

Now we'll go to the IKE Gateway and we'll configure it, okay? So here I am going from site two to site one, basically, okay? Now the interface that we are going to use is ethernet 1/2, this is the one, okay? And the IP address that we are going to use, so local IP address, I'll just select that. Now the remote IP address will be 200 1.1.10, if you go in, the 200.1.1.10, right? Now here I'll just put the same password that I've put over there. Here it is just identification; if you want you can give it, or if you don't want, you don't give. I'm just giving for my, so there's 1.1.10 200.1.10, okay? In advanced options I am not changing anything; the only part that I am going to change is the profile, which is for FortiGate, okay? And exchange would be main mode. Click OK.

Now we'll proceed further to IPsec tunnel, and here I just need to make it site two to site one, okay? And here we need to create a tunnel interface, which I am going to make as default, as outside, because that traffic will be coming from outside, so I'm just choosing that. I don't need to specify the IP address, because an IP address is not needed for that particular tunnel. Gateway, just now we have configured, and this one will be the FortiGate one. And here we need to define the proxy ID, so we just need to define a proxy ID: this is site two, and here we are 20.1.1.0/24 and this is 10.1.1.0/24, okay, we are good.

Now the same way we are going to configure the routes as well, so we'll go to the default routes, static routes, and add it. So this is for site one, and we will be going to 10.1.1.0/24. From which interface are we going to go? We are going for tunnel, and the IP address will be none, because we are sending the traffic through the tunnel, so we don't need to specify the next hop, because the next hop is not there, right? We are good, click OK.

And we'll create a policy. Now we are going to allow the both-way policy, because I can send the traffic from anywhere. So VPN traffic, what to do: my source is inside, as well as my source can be outside, okay? Outside and inside both, okay? Now as you can see, if somebody is coming from inside to outside or outside to inside, this is the way we should not give in production. If you want to give, you can specify the source IP address, destination IP address, destination IP address, source IP address properly, okay? As this is a lab I'm just doing it for now, okay? So let it commit and then we'll test the connection through this PC and we'll try to ping, or maybe from this to this we can ping and test it. So let's commit this.

I'll open the PC now. I will a little bit enlarge the size of the window so that we will be able to see. So ipconfig, okay, so let's open this; so this is 20.1.1.1. Let's try to ping. Configuration is successful. Let's log in now here as well and we'll try to ping. So ping 10.1.1.1, so request timed out, and now we are getting reply. So now let's move on and we'll see whether the tunnel is up or not. So let's refresh this, okay. So now we can see the tunnel status is, before the IKE was refreshed, and it was showing as green. Now the tunnel information I sense you can see that it's up and it is working fine, okay? Now if I try to ping it again, the counts will get increased, so if I go here and we'll see the counts, it is getting increased now. So now the VPN tunnel is working, there is no problem in it, as well as we can see the routes, everything. If we go to the FortiGate, to the dashboard, to the network, now if you want to expand this, you are seeing the incoming data and the outgoing data. So now we can see that we are able to successfully build the tunnel between the FortiGate firewall and the Palo Alto firewall.

So guys, just wanted to understand that you guys have seen the same scenario connecting two different vendors; please comment and let me know how you resolved the problem, or did you configure the device successfully, or what exactly happens. I'll be waiting for your interesting comments on what exactly happens if you have got this kind of scenario. Guys, this is what I wanted to cover in this video. Thank you so much for watching, and I'll also request you to please subscribe to my channel and hit the bell icon so that you never miss a video from me. Thank you so much for watching this, I'll see you in the next
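
Added example (not part of the video or its captions): a pre-flight check in Python that compares the two peers' settings from the walkthrough, reports anything that would stop the tunnel from negotiating, and lists the weak values the lab leaves negotiable. The dictionaries are constructed from the captions; where the captions are unclear (algorithm names, the Palo Alto DH group) the values are assumptions, and all function and field names are hypothetical.

```python
import ipaddress

# Values current guidance treats as too weak (DES/3DES, MD5/SHA-1, DH groups 1, 2, 5).
WEAK = {"enc": {"des", "3des"}, "auth": {"md5", "sha1"}, "dh": {1, 2, 5}}

# Constructed from the walkthrough; where the captions are unclear the value is an assumption.
FORTIGATE = {
    "ike_version": 1, "mode": "main",
    "p1": {"enc": {"des"}, "auth": {"sha256"}, "dh": {14, 5}},
    "p2": {"enc": {"des"}, "auth": {"sha1"}, "pfs": None},
    "local": "10.1.1.0/24", "remote": "20.1.1.0/24",
}
PALO_ALTO = {
    "ike_version": 1, "mode": "main",
    "p1": {"enc": {"des"}, "auth": {"sha256"}, "dh": {5}},
    "p2": {"enc": {"des"}, "auth": {"sha1"}, "pfs": None},
    "local": "20.1.1.0/24", "remote": "10.1.1.0/24",
}

def mismatches(a, b):
    """Settings that would stop the two peers from negotiating."""
    out = [k for k in ("ike_version", "mode") if a[k] != b[k]]
    for phase in ("p1", "p2"):
        for field in ("enc", "auth", "dh"):
            # Each side may offer several values; at least one must be shared.
            if field in a[phase] and not a[phase][field] & b[phase].get(field, set()):
                out.append(f"{phase}.{field}")
    if a["p2"]["pfs"] != b["p2"]["pfs"]:
        out.append("p2.pfs")
    net = ipaddress.ip_network
    # Proxy IDs / selectors must mirror each other: my local is your remote.
    if net(a["local"]) != net(b["remote"]) or net(a["remote"]) != net(b["local"]):
        out.append("proxy-id")
    return out

def weak_settings(a, b):
    """Values both peers accept (so they can be negotiated) that are weak."""
    out = []
    for phase in ("p1", "p2"):
        for field, bad in WEAK.items():
            common = a[phase].get(field, set()) & b[phase].get(field, set())
            out += [f"{phase}.{field}={v}" for v in sorted(common & bad, key=str)]
    if a["ike_version"] == b["ike_version"] == 1:
        out.append("ike_version=1")  # IKEv1 is deprecated in favour of IKEv2
    return out

if __name__ == "__main__":
    print("mismatches:", mismatches(FORTIGATE, PALO_ALTO))
    print("weak:", weak_settings(FORTIGATE, PALO_ALTO))
```

With the lab values the peers agree on every setting, so the first list is empty; the second list is what to replace before reusing this configuration outside a lab.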
Info
Channel: Bikash's Tech
Views: 4,942
Keywords: fortigate basic configuration, fortinet, training, fortinet firewall, fortigate firewall training, fortinet firewall tutorial, fortigate installation, fortigate firewall configuration step by step, firewall policy, fortigate how to, configuration how to, palo alto, bikash tech, NSE4 Training, FORTINET TRAINING, Fortinet, Fortigate firewall, Fortigate VPN, phase 1, phase 2, Main mode, fundamental of vpn, Fortinet: IPsec Site-to-Site VPN Setup on FortiGate Firewall, ipsec
Id: 1svW3bN7Xrg
Length: 21min 24sec (1284 seconds)
Published: Sun Jul 30 2023