FortiGate IPSec VPN User Guide - FirewallShop.com
Dynamic spokes configuration example
Hub-and-spoke configurations
To define the phase 2 parameters
1 Go to VPN > IPSEC > Auto Key.
2 Select Create Phase 2, enter the following information, and select OK:

Name          Enter a name for the tunnel (for example, toHub_ph2).
Phase 1       Select the name of the phase 1 configuration that you defined
              previously, for example, toHub.
Advanced      Select to show the following Quick Mode Selector settings.
Source        Enter the address of the protected network at this spoke.
              For spoke_1, this is 10.1.1.0/24.
              For spoke_2, this is 10.1.2.0/24.
Destination   Enter the aggregate protected subnet address, 10.1.0.0/16.

Define the firewall policies
You need to define firewall addresses for the spokes and the aggregate protected
network and then create a firewall policy to enable communication between them.

To define the IP address of the network behind the spoke
1 Go to Firewall > Address.
2 Select Create New, enter the following information, and select OK:

Address Name      Enter an address name (for example, LocalNet).
Subnet/IP Range   Enter the IP address of the private network behind the spoke.
                  For spoke_1, this is 10.1.1.0/24.
                  For spoke_2, this is 10.1.2.0/24.

To specify the IP address of the aggregate protected network
1 Go to Firewall > Address.
2 Select Create New, enter the following information, and select OK:

Address Name      Enter an address name (for example, Spoke_net).
Subnet/IP Range   Enter the IP address of the aggregate protected
                  network (10.1.0.0/16).

To define the firewall policy
1 Go to Firewall > Policy.
2 Select Create New, enter the following information, and select OK:

Source
    Interface/Zone   Select the virtual IPSec interface, toHub.
    Address Name     Select the aggregate protected network address, Spoke_net.
Destination
    Interface/Zone   Select the interface to the internal (private) network, port1.
    Address Name     Select the address for this spoke’s protected network, LocalNet.
Schedule             As required.
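
The selector and address values above can be checked offline before they are entered. The following Python sketch is an added example, not part of the FortiGate guide: the function names are hypothetical, and policy_permits models only the source/destination address match of the policy described here, not FortiOS behaviour in full.

```python
import ipaddress

# Values taken from the guide's example.
AGGREGATE = ipaddress.ip_network("10.1.0.0/16")       # Spoke_net
SPOKES = {                                            # LocalNet per spoke
    "spoke_1": ipaddress.ip_network("10.1.1.0/24"),
    "spoke_2": ipaddress.ip_network("10.1.2.0/24"),
}


def check_selectors(aggregate, spokes):
    """Return a list of problems in a hub-and-spoke selector plan.

    Each spoke's phase 2 source selector must fall inside the aggregate
    destination selector, and no two spokes may claim overlapping ranges.
    """
    problems = []
    names = sorted(spokes)
    for name in names:
        if not spokes[name].subnet_of(aggregate):
            problems.append(f"{name}: {spokes[name]} is outside {aggregate}")
    for i, first in enumerate(names):
        for second in names[i + 1:]:
            if spokes[first].overlaps(spokes[second]):
                problems.append(f"{first} and {second} overlap")
    return problems


def policy_permits(spoke, src_ip, dst_ip, aggregate=AGGREGATE, spokes=SPOKES):
    """Model the spoke policy toHub -> port1 (source Spoke_net, destination LocalNet)."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    return src in aggregate and dst in spokes[spoke]


if __name__ == "__main__":
    print(check_selectors(AGGREGATE, SPOKES) or "selector plan is consistent")
    # Constructed sample flows arriving on toHub at spoke_1.
    for src, dst in [("10.1.2.7", "10.1.1.10"),     # from spoke_2
                     ("10.1.200.5", "10.1.1.10"),   # in aggregate, no spoke listed
                     ("192.0.2.9", "10.1.1.10")]:   # outside aggregate
        print(src, "->", dst, policy_permits("spoke_1", src, dst))
```

Because the policy source is the whole aggregate, any 10.1.0.0/16 address arriving through the tunnel matches it, including ranges that no spoke in this example uses.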

FortiGate IPSec VPN Version 3.0 User Guide
01-30005-0065-20070716