How to Configure Fortigate Site-to-Site VPN on gns3

Captions
Okay, hello everyone. In this video I'm going to show you how to create a site-to-site connection. So given that this is Seattle and this is Denver, Colorado, uh, what we want to do is we want the network here, the LAN network here, to have access over to this LAN here. I'm going to open server 1, and then on server 1 we're going to check first the IP to see. Currently, as you can see, this is actually in this range, and my, uh, what's it called, my default gateway, which is my firewall, is actually having the IP, so I can actually ping that, as well as I can actually open a web browser with the same IP and, um, browse that same firewall to do any GUI configuration that I want to do on it. So basically I have web access to that IP; I also can actually ping the IP. The next thing I want to show you is, I want to see if I can, from this PC here, this server 1 here, ping anywhere in Denver. So the first thing I want to do is to ping this WAN IP, which is 172.17.67.206. As you can see, I can actually reach the WAN IP from here. So the next thing I want to do, um, sorry, is, do I have, sorry, I'm really Mystic there, do I have access to the internet? Definitely I do have access to the internet, so I can actually get to the internet, I can actually browse anything I want to browse. Now, do I have access to ping this firewall on the LAN interface, which is, the answer is no.

So I'm going to go to server 2 and I'm going to do the pinging again the same way. This is server 2, and it will still lead to the wrong thing. Again, you want to check the IP address; as you can see, this is the IP that I'm pinging, and then from server 2 here you can see the IP that was not replying here is replying here, because it is on the LAN. And then from server 2, can I actually ping the one off so one or just 2007? Yes, I can. Can I reach the internet? And then the next thing I want to do is, can I actually ping the gateway, which was one of the things I pinged here earlier, which is this? It replied when I pinged it; as you can see, it did reply when I pinged. So I'm going to try and ping here, then what we will see is that there is no responsive trapping me here. Again, just to show you that, um, when I'm on the LAN I can actually reach my default; when I'm actually remote I cannot.

So what I want to show you is how to create a site-to-site VPN. Of course, if this cannot reach this default gateway, we do not expect this to be able to get to any network here as well. So what I want to do is to produce a site-to-site VPN from here down here, and then do the same thing so that we can have access from here to this network here, and then from here to this network here. So what I'm going to do first is to log in to the Seattle firewall. On the Seattle firewall I'm going to create a VPN: IPsec VPN wizard. I'm going to call this Seattle HQ. It's a site-to-site VPN, I'm not using NAT, the remote device is usually a FortiGate device, and I'll click Next. My remote IP is 172.17.67.206; that's very, very important you get that correct. My pre-shared key: make sure that the pre-shared key that you have here is actually the same pre-shared key you have already in; my local interface, which is my LAN, which I want them to have access to, and then the remote interface, which is the LAN of Denver, which is actually the subnet. But if you have other subnets in Denver, you can actually type them here. So I'm going to go Next and then Create. Stats report: you can see the VPN has been set up.

We'll go to the next location, which is Denver. We're going to log in there, and then, as you can see, this is Denver, this is Seattle, so it's a different device. Create a VPN, IPsec VPN wizard; here, Denver. I can just say site-to-site, no NAT, so it's a FortiGate on the other end as well. Next. My remote IP is 207, and then I'm using the same pre-shared key and then clicking Next. It's just for sure, let me type that correctly, and then clicking Next. My local interface is still popular in this case, which is on that network, then my remote network, which is the LAN 177.04, which is the LAN of Seattle. Next, then in this case here click Create. So then you can see the VPN has been set up. Show Tunnel List will show you that you have the site-to-site created, using your binding interval history, which is your WAN interface, and it's already inactive. If you go to Seattle, Show Tunnel List, now this is the same thing: it's currently inactive.

So you need to click on this Inactive; now it takes you to the IPsec monitor. You can actually get there by coming here and clicking IPsec Monitor; you have the comprehensive, um, dashboard. Now, as you can see here, I have phase 1 is up, my phase 2 is down. So what I'm going to do is to bring up my phase 2. Click on this and Bring Up; you can just bring up all phase 2 selectors, you guys want to see phase 2 selector, which is basically this one. So whichever one; not some time this is enough to bring your call. If you want to bring up everything, that's fine, but I'll just choose this and now bring up the link. As you can see, this is up. Notice incoming data, currently zero bytes, means there's no traffic. So the same thing here: we just refresh this and then you can see it's off. Once you bring up the tunnel on the other end, this one comes up. If not, if none of them comes up, it means there must have been maybe an IP address configuration somewhere, so just go around and check the configuration. So everything here looks good. As you can also see, this is phase 1 up, phase 2 selector also up, and then there is no traffic here.

So what I'm going to do now is I'm going to go back to my server 1, and then on my server 1 I'm going to ping. Remember my server 1 IP address is 177.254; I need to ping the default gateway, which is, um, from here then, the 192.192 .354, basically pinging this interface here. So once I ping that, as you can see, I now have access to ping this device. So basically what this is telling you is, now from, um, Seattle, which is this one here, which is this PC here, if I open the web browser I can actually access the FortiGate of Denver. Look at that. So that tells you that your site-to-site connection is working. So I'm going to go to server 2 and do the same thing again. Now, as earlier I was unable to ping this IP, which is the FortiGate of Seattle, from Denver, I'm just going to rerun the command as a test. I can ping it as well. So if you can ping that device, it means that also from the web browser of this device, of this server here, I can as well remote into, uh, what's it called, in a movie on server one well 72 is coming up. Okay, now I can as well connect to Seattle from database. So here you can see, do not forget, I'm in Denver. Let me show you by using ipconfig: this is my IP, and if you can see the ping, I'm actually opening the web browser of the FortiGate on the other end using the LAN IP. I'm not using the WAN IP, because we're using the LAN IP. So you can see I have the site-to-site connection up and running. So here I can basically ping, so you can see I have access to ping in there, so now I can open it from the web browser and log in to this as well. And I'm going to show you, don't forget, server 1 is Seattle, server 2 is Denver. So on server 1 I tried to open Denver from Seattle, at the open River on server 2 from Seattle, sorry, from Denver, which it says I can actually open the Seattle firewall. So there's basically no limitation there.

The next thing I want to do is to see if I can actually ping from my server 2 into my server 1. Let me show you. So on server 2, let's see if I can ping 192.168.177.1. Now notice this is not replying, and if this is not replying there is one reason why it's not replying: remember the Windows PC has its own inbuilt firewall that blocks all traffic from coming in. So what we're going to do is to come to server 1 and then locate the firewall and turn it off. So go to the Start button, type firewall; it's also on the Control Panel, Windows Firewall. Click Windows Firewall for the Control Panel. Box open, on the left side of the pane, on the left pane, you're going to see Turn Windows Firewall on or off. Notice currently it's turned on, so I'm going to turn it off, but for the private of the public, in this case just for tests; like, I'm going to turn it back on when it wasn't gone. Click OK. Once you turn it off, the next thing you want to do is to test the ping. Notice that it's back on. So if we do, let's say, a continuous ping, for example, and then we're going to turn it back on, then you're going to see, the moment we turn it on, we're going to lose connectivity to the ping. What's this, it's no longer replying; now it's timing out. Let me turn it on only on the public network and then turn it off on the private network again. So in my private network I can ping, notice that, so it means that you camping from the internet, so which is good, okay with that. So basically in my private network I can ping, what, uh, over the internet you'll be able to bring this PC, that's fine with me. So basically that's why you might turn that on back; what you see is that it would stop pinging. Notice that it's already stopped pinging. So basically all you need to make sure is that the private firewall is turned off, so that will allow you to actually ping from your PC on the LAN over to the next PC, or over the top to the other device on the other network. So basically now you can see this server 1 now has full access to this LAN here, just by creating a site-to-site VPN connection.

Now, since we have a continuous ping running, I'll just show you something briefly. I'm going to go back to my browser, let me trample this, yeah, okay, I'm in Seattle, so I'm going to go to Denver and I'm going to turn off or shut down the tunnel. So I'm going to go to VPN, IPsec Tunnels; notice it's currently up. So I'm going to click on this, click on the Up, and then here notice that we have some traffic, incoming data; you can see the traffic here, which is good. So I'm going to turn this off, or bring it down. So I'm going to bring down the entire tunnel, that's what I'm just going to do, bring that in there for now, and then I click on OK. Notice what then happens the moment I bring down the entire tunnel. Oh, sorry, uh, it's still up. Let me refresh. That didn't go down. Okay, I'm going to bring down the phase 2 tunnel. Bring down phase 2 tunnel. Okay, now that's down, good. So now let's see if the ping is still working. Notice it's timed out. So what we're going to do next is, let's bring it back up. Bring it up, bring up all phase 2 selectors like I said. I'm going to bring it back up; it's back up online. I stick it down, that is the movement, I just need to be sure that that tunnel is down. Um, trying to take it down, the first step still open. Okay, finally we're able to bring it down, uh, now not to go out. Okay, as you can see, once it's down, nothing. Let's refresh. If it comes back up, which is what it's basically doing, it's basically reestablishing the connection, because my copy is saying it's, that's actually pinging the game.

So, um, I hope I've been able to show you how to set up a site-to-site VPN connection, uh, between two different networks. So this is basically the same thing you do in a real-life scenario; the only difference will be the public IP will be different. Um, the public IP you're using on the Seattle in the real-life environment will be different from what I have here. So once you put the IP address that you're using on your WAN interface, let me show you basically what I'm trying to say, once you put the IP address you're using on your WAN interface, which is actually what I have here, once you put the IP address on obviously only one on the other network, you put it on as your remote network, everything should work the way it's expected to work. Please subscribe, um, click on like on my videos, and if you have any question, please put it in the comments. I will be happy to provide some support as needed. Thank you so much for watching and have a great evening.
Info
Channel: Techy-World
Views: 7,371
Keywords: fortigate ipsec vpn, how to, fortinet tutorial, fortigate ipsec vpn configuration, configure ipsec vpn, fortigate ipsec vpn site to site, fortigate firewall ipsec vpn configuration, vpn setup tutorial, configure ipsec vpn fortigate, fortigate ipsec vpn setup, fortigate ipsec vpn configuration step by step, fortigate ipsec vpn client to site configuration, fortinet firewall vpn tunnel setup, fortigate vpn tunnel setup, fortigate ipsec vpn site to site troubleshooting
Id: KK66ctBTxOY
Length: 18min 53sec (1133 seconds)
Published: Wed Feb 22 2023