Configuring FortiGate_1
When configuring FortiGate_1, you must:
• Configure the interfaces involved in the VPN.
• Define the Phase 1 configuration for each of the two possible paths, creating a virtual IPsec interface for each one.
• Define the Phase 2 configuration for each of the two possible paths.
• Configure incoming and outgoing security policies between the internal interface and each of the virtual IPsec interfaces.
To configure the network interfaces
1. Go to System > Network > Interfaces.
2. Select the Internal interface and select Edit. Enter the following information and select OK:
Addressing mode | Manual |
IP/Netmask | 10.21.101.2/255.255.255.0 |
3. Select the WAN1 interface and select Edit. Enter the following information and select OK:
Addressing mode | Manual |
IP/Netmask | 192.168.10.2/255.255.255.0 |
4. Select the WAN2 interface and select Edit. Enter the following information and select OK:
Addressing mode | Manual |
IP/Netmask | 172.16.20.2/255.255.255.0 |
To configure the IPsec interfaces (Phase 1 configurations)
1. Go to VPN > IPsec > Tunnels and create the new custom tunnel or edit an existing tunnel.
2. Edit the Phase 1 Proposal (if it is not available, you may need to click the Convert to Custom Tunnel button).
3. Enter the following information, and select OK:
Name | Site_1_A |
Remote Gateway | Dialup User |
Local Interface | WAN1 |
Mode | Main |
Authentication Method | Preshared Key |
Pre-shared Key | Enter the preshared key. |
Peer Options | Any peer ID |
Advanced | |
Dead Peer Detection | Select |
4. Create a new tunnel and enter the following Phase 1 information:
Name | Site_1_B |
Remote Gateway | Dialup User |
Local Interface | WAN2 |
Mode | Main |
Authentication Method | Preshared Key |
Pre-shared Key | Enter the preshared key. |
Peer Options | Any peer ID |
Advanced | |
Dead Peer Detection | Select |
To define the Phase 2 configurations for the two VPNs
1. Open the Phase 2 Selectors panel.
2. Enter the following information and select OK:
Name | Route_A |
Phase 1 | Site_1_A |
3. Enter the following Phase 2 information for the subsequent route:
Name | Route_B |
Phase 1 | Site_1_B |
To configure routes
1. Go to Router > Static > Static Routes.
For low-end FortiGate units, go to System > Network > Routing.
2. Select Create New, enter the following default gateway information and select OK:
Destination IP/Mask | 0.0.0.0/0.0.0.0 |
Device | WAN1 |
Gateway | 192.168.10.1 |
Distance (Advanced) | 10 |
To configure security policies
1. Go to Policy & Objects > Policy > IPv4 and select Create New.
2. Leave the Policy Type as Firewall and leave the Policy Subtype as Address.
3. Enter the following information, and select OK:
Incoming Interface | Internal |
Source Address | All |
Outgoing Interface | Site_1_A |
Destination Address | All |
Schedule | Always |
Service | Any |
Action | ACCEPT |
4. Select Create New.
5. Leave the Policy Type as Firewall and leave the Policy Subtype as Address.
6. Enter the following information, and select OK:
Incoming Interface | Internal |
Source Address | All |
Outgoing Interface | Site_1_B |
Destination Address | All |
Schedule | Always |
Service | Any |
Action | ACCEPT |
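The settings entered above only give two usable paths if they agree with each other. The following check is an added example, not part of the original procedure or a Fortinet tool: it assumes the values from the tables have been transcribed into a Python dict (the dict layout and the function name check_redundant_vpn are hypothetical) and reports inconsistencies between the interfaces, Phase 1 and Phase 2 entries, default route and policies.

```python
import ipaddress

# Constructed model of the values entered above; this dict layout is
# hypothetical and is not a FortiOS export format.
FORTIGATE_1 = {
    "interfaces": {"Internal": "10.21.101.2/255.255.255.0",
                   "WAN1": "192.168.10.2/255.255.255.0",
                   "WAN2": "172.16.20.2/255.255.255.0"},
    "phase1": {"Site_1_A": {"local_interface": "WAN1", "dpd": True},
               "Site_1_B": {"local_interface": "WAN2", "dpd": True}},
    "phase2": {"Route_A": "Site_1_A", "Route_B": "Site_1_B"},
    "default_route": {"device": "WAN1", "gateway": "192.168.10.1"},
    "policies": [("Internal", "Site_1_A"), ("Internal", "Site_1_B")],
}

def check_redundant_vpn(cfg):
    """Return a list of consistency problems (empty list = none found)."""
    problems = []
    nets = {n: ipaddress.ip_interface(a).network
            for n, a in cfg["interfaces"].items()}
    # The physical interfaces must sit on distinct subnets.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"subnets of {a} and {b} overlap")
    # Each Phase 1 needs an existing local interface, its own path, and DPD.
    used = {}
    for name, p1 in cfg["phase1"].items():
        iface = p1["local_interface"]
        if iface not in nets:
            problems.append(f"{name}: unknown local interface {iface}")
        if iface in used:
            problems.append(f"{name} shares {iface} with {used[iface]}")
        used.setdefault(iface, name)
        if not p1.get("dpd"):
            problems.append(f"{name}: Dead Peer Detection not selected")
        # Every virtual IPsec interface needs a Phase 2 and a policy.
        if name not in cfg["phase2"].values():
            problems.append(f"{name}: no Phase 2 defined")
        if ("Internal", name) not in cfg["policies"]:
            problems.append(f"{name}: no policy from Internal")
    for name, p1name in cfg["phase2"].items():
        if p1name not in cfg["phase1"]:
            problems.append(f"{name}: Phase 1 {p1name} does not exist")
    # The default gateway must be on the subnet of its device.
    route = cfg["default_route"]
    gw = ipaddress.ip_address(route["gateway"])
    if route["device"] not in nets or gw not in nets[route["device"]]:
        problems.append(f"gateway {gw} is not on {route['device']}")
    return problems

if __name__ == "__main__":
    print(check_redundant_vpn(FORTIGATE_1) or "configuration is consistent")
```

An empty result means the transcribed values are mutually consistent; it does not confirm that the unit itself holds those values.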