FortiGate IPSec VPN User Guide - FirewallShop.com
Redundant <strong>VPN</strong> configurations<br />
Partially-redundant route-based <strong>VPN</strong> example<br />
To configure routes<br />
1 Go to Router > Static.<br />
2 Select Create New, enter the following default gateway information and then<br />
select OK:<br />
Destination IP/Mask 0.0.0.0/0.0.0.0<br />
Device WAN1<br />
Gateway 10.10.10.1<br />
Distance 10<br />
To configure firewall policies<br />
1 Go to Firewall > Policy.<br />
2 Select Create New, enter the following information, and select OK:<br />
Source Interface/Zone Internal<br />
Source Address Name All<br />
Destination Interface/Zone Site_1_A<br />
Destination Address Name All<br />
Schedule Always<br />
Service Any<br />
Action ACCEPT<br />
3 Select Create New, enter the following information, and select OK:<br />
Source Interface/Zone Internal<br />
Source Address Name All<br />
Destination Interface/Zone Site_1_B<br />
Destination Address Name All<br />
Schedule Always<br />
Service Any<br />
Action ACCEPT<br />
Configuring <strong>FortiGate</strong>_2<br />
The configuration for <strong>FortiGate</strong>_2 is similar to that of <strong>FortiGate</strong>_1. You must<br />
• configure the interface involved in the <strong>VPN</strong><br />
• define the phase 1 configuration for the primary and redundant paths, creating<br />
a virtual <strong>IPSec</strong> interface for each one<br />
• define the phase 2 configurations for the primary and redundant paths,<br />
defining the internal network as the source address so that <strong>FortiGate</strong>_1 can<br />
automatically configure routing<br />
• configure the routes for the two <strong>IPSec</strong> interfaces, assigning the appropriate<br />
priorities<br />
• configure firewall policies between the internal interface and each of the virtual<br />
<strong>IPSec</strong> interfaces<br />
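The following is an added example, not part of the original guide or of FortiOS: a small Python model that checks, for each tunnel outage, which interface carries traffic to the remote site and whether an ACCEPT policy from Internal covers it. The interface names come from the FortiGate_1 policies above; the remote subnet, the tunnel route distances, and the rule that routes on a down interface are withdrawn are assumptions.

```python
import ipaddress

# Constructed sample data: interface names follow the FortiGate_1 policies on
# this page; the remote subnet and the tunnel distances are assumptions.
ROUTES = [
    {"dst": "0.0.0.0/0", "device": "WAN1", "distance": 10},
    {"dst": "192.168.2.0/24", "device": "Site_1_A", "distance": 1},
    {"dst": "192.168.2.0/24", "device": "Site_1_B", "distance": 2},
]
POLICIES = [
    {"src": "Internal", "dst": "Site_1_A", "action": "ACCEPT"},
    {"src": "Internal", "dst": "Site_1_B", "action": "ACCEPT"},
]

def active_route(routes, dest_ip, up):
    """Longest prefix first, then lowest distance, among routes whose device is up."""
    ip = ipaddress.ip_address(dest_ip)
    candidates = [r for r in routes
                  if r["device"] in up and ip in ipaddress.ip_network(r["dst"])]
    return min(candidates, default=None, key=lambda r: (
        -ipaddress.ip_network(r["dst"]).prefixlen, r["distance"]))

def egress(routes, policies, dest_ip, up, src="Internal"):
    """Return (device, allowed) for traffic from src to dest_ip."""
    route = active_route(routes, dest_ip, up)
    if route is None:
        return None, False
    allowed = any(p["src"] == src and p["dst"] == route["device"]
                  and p["action"] == "ACCEPT" for p in policies)
    return route["device"], allowed

def audit_failover(routes, policies, dest_ip, tunnels, wan="WAN1"):
    """Report problems with no outage, each single-tunnel outage, and both down."""
    findings = []
    for down in [set()] + [{t} for t in tunnels] + [set(tunnels)]:
        up = ({wan} | set(tunnels)) - down
        device, allowed = egress(routes, policies, dest_ip, up)
        if device == wan:
            findings.append(f"down={sorted(down)}: matches default route on {wan}, not a tunnel")
        elif not allowed:
            findings.append(f"down={sorted(down)}: dropped, no route or ACCEPT policy via {device}")
    return findings

if __name__ == "__main__":
    for line in audit_failover(ROUTES, POLICIES, "192.168.2.10", ["Site_1_A", "Site_1_B"]):
        print(line)
```

With the sample data the only finding is the case where both tunnels are down and the remote subnet matches the default route on WAN1; removing the Site_1_B policy adds a second finding for the failover path.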
<strong>FortiGate</strong> <strong>IPSec</strong> <strong>VPN</strong> Version 3.0 <strong>User</strong> <strong>Guide</strong><br />
01-30005-0065-20070716 101