Creating a Fortigate VPN | Network & Security Blog                           http://www.ipspace.eu/fortinet/creating-a-fortigate-vpn/








          Creating a Fortigate VPN
          Posted by Daniel on May 28, 2012 in Fortigate, Fortinet | 15 comments




          Hello,

          In this post I will show you how to create a policy-based Fortigate VPN. I will be using FortiOS
          version 4.0 MR3.

          For the VPN tunnel we used the following topology:







          Creating Fortigate VPN Steps:
          I. Go to VPN > IPsec > Auto Key (IKE) and select “Create Phase 1”.




          II. Enter the following information in Phase1




          Name: Fortigate_VPN1 – This is the name that identifies the VPN tunnel. Remember it, as you
          will select it when configuring Phase2.

          Remote Gateway – Enter the static IP of the VPN remote peer. In our example it is “2.2.2.2”.

          Local Interface – Select the interface that has outside Internet access. In our case we picked
          “WAN1”. Note: This interface cannot be a loopback interface.

          Mode: Main Mode

          Authentication: Pre-shared Key -> pick a shared key of more than 6 characters.

          Click Advanced:

          Select the P1 Proposals (we picked):
          Encryption: 3DES
          Authentication: MD5
          DH Group: 2
          Keylife: 28800
          Local ID: <none>
          XAUTH: Disabled
          NAT Traversal: Disabled
          Dead Peer Detection: Disabled – Note: keep this disabled if you are peering with another
          VPN vendor; I have found that it can break the VPN tunnel.

          Click “OK”.

          The VPN Phase1 has now been created successfully.



          III. Now we need to create the VPN Phase2. Enter the following:




          Name: Select a name that suits you, we picked “Phase2_Fortigate_VPN1”

          Phase1: Select the name of the Phase1 you created earlier. We picked “Fortigate_VPN1”

          Encryption: 3DES

          Authentication: MD5

          Quick Mode Selector: This defines the IP ranges whose traffic you want to pass through the VPN.

          As in the picture, we picked:

          The Source Address: 10.10.10.0/24, the network behind our Fortigate_1 VPN appliance.

          The Destination Address: 10.20.20.0/24, the network behind our Fortigate_2 VPN appliance.



          IV. Define VPN Source Selectors

          1. Create a firewall address: go to Firewall Objects > Addresses > Address and select “Create
          New”.

          Enter the following information and press “OK”:

          Address Name: Sales_Network

          Subnet/IP Range: 10.10.10.0/24

          2. Create another firewall address (for the network behind Fortigate 2): go to Firewall Objects >
          Addresses > Address and select “Create New”.





          Enter the following information and press “OK”:

          Address Name: Remote_Sales_Network

          Subnet/IP Range: 10.20.20.0/24



          V. Create a Firewall Policy on the Fortigate:

          a. Go to Policy > Policy

          b. Select Create New

          c. Enter the following information and press “OK”

          Source Interface/Zone – Select Internal

          Source Address Name – Select “Sales_Network”

          Destination Interface/Zone – Select WAN1

          Destination Address Name – “Remote_Sales_Network”

          Action – IPSEC

          VPN tunnel: Fortigate_VPN1

          Select ONLY the following options: Allow Inbound and Allow Outbound



          Everything should be up and running now.
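As an added example (not code from the original post or from Fortinet), the following Python script takes the values used in steps I–V as plain data, derives the mirrored configuration the second FortiGate has to carry (the question raised in comment 2 below), and checks the conditions under which Phase1 and Phase2 can negotiate: a common proposal and DH group, the same pre-shared key, remote gateways that point at each other, mirrored quick mode selectors, and a firewall policy whose address objects fall inside those selectors. A missing proposal overlap is the condition behind the NO-PROPOSAL-CHOSEN message discussed in comment 5. The WAN1 address 1.1.1.1 of Fortigate_1, the pre-shared key value and the dataclass names are assumptions; the post gives none of them.

```python
# Added example (not from the original post or from Fortinet): consistency
# check for the mirrored policy-based VPN configured in steps I-V.
# Assumptions: Fortigate_1's WAN1 address 1.1.1.1 and the PSK value; the post
# gives neither. Proposal strings use FortiOS "enc-auth" notation (3des-md5).
from dataclasses import dataclass, replace
from ipaddress import IPv4Network, ip_network
from typing import List, Tuple

@dataclass(frozen=True)
class Phase1:
    name: str
    local_gw: str            # address of the WAN1 interface this Phase1 uses
    remote_gw: str           # static IP of the VPN peer
    proposals: Tuple[str, ...]
    dhgrp: int
    keylife: int
    psk: str

@dataclass(frozen=True)
class Phase2:
    name: str
    phase1name: str
    proposals: Tuple[str, ...]
    src_subnet: IPv4Network  # quick mode selector, local network
    dst_subnet: IPv4Network  # quick mode selector, remote network

@dataclass(frozen=True)
class Policy:
    srcaddr: IPv4Network     # firewall address object, local
    dstaddr: IPv4Network     # firewall address object, remote
    action: str
    vpntunnel: str
    inbound: bool
    outbound: bool

@dataclass(frozen=True)
class Peer:
    phase1: Phase1
    phase2: Phase2
    policy: Policy

def mirror(peer: Peer) -> Peer:
    """The configuration the other FortiGate must carry: same proposals, DH
    group and PSK, with gateways, selectors and policy addresses swapped."""
    p1 = replace(peer.phase1, local_gw=peer.phase1.remote_gw,
                 remote_gw=peer.phase1.local_gw)
    p2 = replace(peer.phase2, src_subnet=peer.phase2.dst_subnet,
                 dst_subnet=peer.phase2.src_subnet)
    pol = replace(peer.policy, srcaddr=peer.policy.dstaddr,
                  dstaddr=peer.policy.srcaddr)
    return Peer(p1, p2, pol)

def check_peer(p: Peer) -> List[str]:
    """Checks that hold within a single FortiGate's own configuration."""
    problems = []
    if p.phase2.phase1name != p.phase1.name:
        problems.append("phase2 does not reference the phase1 name")
    if p.policy.action != "ipsec" or p.policy.vpntunnel != p.phase1.name:
        problems.append("policy is not an IPSEC action bound to the tunnel")
    if not (p.policy.inbound and p.policy.outbound):
        problems.append("policy must allow both inbound and outbound")
    if not (p.policy.srcaddr.subnet_of(p.phase2.src_subnet)
            and p.policy.dstaddr.subnet_of(p.phase2.dst_subnet)):
        problems.append("policy addresses lie outside the quick mode selectors")
    if len(p.phase1.psk) <= 6:
        problems.append("pre-shared key is not longer than 6 characters")
    return problems

def check_pair(a: Peer, b: Peer) -> List[str]:
    """Checks that decide whether the two peers can negotiate with each other.
    No overlap in proposals is what the peer reports as NO-PROPOSAL-CHOSEN."""
    problems = [f"{side}: {msg}" for side, peer in (("A", a), ("B", b))
                for msg in check_peer(peer)]
    if (a.phase1.remote_gw, b.phase1.remote_gw) != (b.phase1.local_gw, a.phase1.local_gw):
        problems.append("phase1: remote-gw does not point at the other peer")
    if not set(a.phase1.proposals) & set(b.phase1.proposals) or a.phase1.dhgrp != b.phase1.dhgrp:
        problems.append("phase1: no common proposal or DH group (NO-PROPOSAL-CHOSEN)")
    if a.phase1.psk != b.phase1.psk:
        problems.append("phase1: pre-shared keys differ")
    if not set(a.phase2.proposals) & set(b.phase2.proposals):
        problems.append("phase2: no common proposal (NO-PROPOSAL-CHOSEN)")
    if (a.phase2.src_subnet, a.phase2.dst_subnet) != (b.phase2.dst_subnet, b.phase2.src_subnet):
        problems.append("phase2: quick mode selectors are not mirrored")
    return problems

# Fortigate_1 as the post configures it (1.1.1.1 and the PSK are assumed).
FORTIGATE_1 = Peer(
    Phase1("Fortigate_VPN1", "1.1.1.1", "2.2.2.2", ("3des-md5",), 2, 28800, "example-psk-value"),
    Phase2("Phase2_Fortigate_VPN1", "Fortigate_VPN1", ("3des-md5",),
           ip_network("10.10.10.0/24"), ip_network("10.20.20.0/24")),
    Policy(ip_network("10.10.10.0/24"), ip_network("10.20.20.0/24"),
           "ipsec", "Fortigate_VPN1", inbound=True, outbound=True),
)
FORTIGATE_2 = mirror(FORTIGATE_1)

# Constructed faulty peer: its Phase2 offers only AES-128/SHA1, so Phase2 cannot match.
BAD_PEER = replace(FORTIGATE_2,
                   phase2=replace(FORTIGATE_2.phase2, proposals=("aes128-sha1",)))

if __name__ == "__main__":
    print("mirrored pair:", check_pair(FORTIGATE_1, FORTIGATE_2) or "OK")
    print("bad phase2 pair:", check_pair(FORTIGATE_1, BAD_PEER))
```

Run with python3: the mirrored pair reports no problems, while the constructed BAD_PEER is reported as a Phase2 proposal mismatch. In a real deployment the two inputs would be filled in from each firewall's configuration rather than derived with mirror(), which is exactly where the mismatches that the comments describe tend to creep in.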

          Please let me know if you have any questions.


          15 Comments



             1.
                  Santosh Kumar Nayak / June 2, 2012

                  Can you please help me in Blocking Google+ in Fortinet Firewall? I have already blocked Social
                  Networking but it doesn’t get blocked by Firewall.







                         Daniel / June 2, 2012

                         Santhosh,

                         You can create a new URL filter, or add to an existing one the “plus.google.com” URL and
                         mark it as blocked. Also please be careful that when applying the Web Filter, you also
                         mark the inspection for HTTPS (as Google Plus could be using SSL).

                         Hope it helps.





                                 Santosh Kumar Nayak / June 13, 2012

                                 Hi!!!!

                                 I tried that also, it didn’t work. It works only if I set https(Deep Scan). But in this case
                                 all my websites are asking for certificates even in outlook also. Is there any other
                                 way.





                                          Daniel / June 15, 2012

                                          So you added plus.google.com as a blocked URL and it didn’t work ?

                                          Please try something like this in the url filter:
                                          url: .*dropbox.com.*
                                          type: regex
                                          action: blocked
                                          enable: yes (ticked)

                                          I did not try this, but it should work. Please let me know the outcome





                                                  Santosh Kumar Nayak / June 18, 2012

                                                  Hi!

                                                   It works for other sites. But for Google Plus it doesn’t block.
                                                   If I give deep scanning then it blocks as Social Networking category. But
                                                   for most of the sites it is getting certificate issues.
                                                   Are there any other solutions?




             2.
                  Daniel / June 11, 2012

                  Hi!
                  Very nice description. You described the settings for one Fortigate. Is it right that I have to set
                  up the remote sales network Fortigate the same way as the sales network Fortigate unit?

                  Thank you in advance!





                          Daniel / June 13, 2012

                          Well, now I can answer my question myself: YES!




             3.
                  Manuel Guzman / December 19, 2012

                  Good morning, I have an IPsec site-to-site between a Fortigate 100D and a Cisco SA520. I can
                  access from the network that is behind the Cisco to the one that is behind the Fortigate, but I
                  can’t access from the one behind the Fortigate to the one behind the Cisco. Any ideas or
                  recommendations?
                  Thank you




             4.
                  Shabeer / February 10, 2013

                  I want to connect between two offices, using dyndns.

                  In head office we already have 5 VPNs. I am new in office.

                  Can you kindly show me what kind of configuration i can have to connect between 10.0.0.0/24
                  and 10.0.6.0/24 using dyndns.







                          kaleem / March 2, 2013

                          dear shabeer,

                          I am also looking for the same. If you got any material then plz share with me at
                          kaleemullahbilal@gmail.com




             5.
                  James Greene / February 20, 2013

                  I am trying to set up a VPN tunnel to a Cisco ASA 5520. I get the following error:

                  NO-PROPOSAL-CHOSEN from your side.

                  Any help would be greatly appreciated





                          admin / February 20, 2013

                          Hello,

                          That means that the Fortigate or the ASA side does not have the same encryption or source
                          selector configured.
                          The Phase2 is not matching between the ASA and the Fortigate.




             6.
                  Rene Bosshard / February 22, 2013

                  Very good and short post.

                  I made it from a Fortigate 60B to a ZyWALL. I have a VPN tunnel, but I can not ping nor access
                  the servers behind.

                  What is wrong?





                          admin / March 1, 2013

                          I need the configuration of both firewalls to see this.







             7.
                  Daniel / July 8, 2012

                  Which IE browser are you using ? IE9 works fine.

