
40-FortiManager VPN Setup

The document outlines the steps to create a Star Topology IPsec VPN Community, including configuring Phase 1 and Phase 2 settings. It details the creation of VPN gateways for a hub and two spokes, specifying roles and protected subnets, as well as the installation of the VPN configuration using the Install Wizard. The process involves setting public IP addresses for the gateways and applying the configuration to the FortiGate devices.

Uploaded by Williams

VPN Setup:

Create VPN Community:


You may create Full-Meshed, Star, and Dial-Up IPsec VPN Communities. IPsec VPN Communities
are also sometimes called VPN topologies. We create a Star Topology with a hub and a spoke:
Go to VPN Manager > IPsec VPN.

In the toolbar, click Create New. The VPN Topology Setup Wizard dialog appears. Enter a name
for the topology. In the Choose VPN topology field, select Star, then click Next.

1 | P a g e Created by Ahmad Ali E-Mail: [email protected] , WhatsApp: 00966564303717


Configure Phase 1 and Phase 2 according to your requirements.



Finally, once the Phase 1 and Phase 2 details are configured, click OK.



Create IPSEC VPN Gateways:
A VPN gateway functions as one end of a VPN tunnel. It receives incoming IPsec packets,
decrypts the encapsulated data packets, then passes the data packets to the local network. It
also encrypts, encapsulates, and sends the IPsec data packets to the gateway at the other end
of the VPN tunnel. The IP address of a VPN gateway is usually the IP address of the network
interface that connects to the Internet. Go to VPN Manager > IPsec VPN. In the tree menu,
IPsec, In the toolbar, click Create New > Managed Gateway.

The VPN Gateway Setup Wizard – IPsec dialog appears. Select a Protected Subnet, and click OK.
If you don’t have an object already created, click the plus icon to create one.

Let’s create HQ Subnet 10.0.1.0/24 Object.



Let’s create DC Subnet 10.0.2.0/24 Object.

Let’s create BR Subnet 10.0.3.0/24 Object.



Select a Protected Subnet, and click OK.

Set the Role field to Hub and click Next.



The default VPN interface is usually the internet-facing interface, in this case port1. Click Next.

Set the Local Gateway to the public IP address of the internet-facing interface, 192.168.1.1.



In Routing, choose the Automatic option and click OK.

Create SPOKE-1 DC-FW:


The VPN Gateway Setup Wizard – IPsec dialog appears. Select a Protected Subnet, and click OK.



Set the Role field to Spoke this time, choose DC-FW from the dropdown, and click Next.

The default VPN interface is usually the internet-facing interface, in this case port1. Click Next.



Set the Local Gateway to the public IP address of the internet-facing interface, 192.168.3.1.

In Routing, choose the Automatic option and click OK.



Create SPOKE-2 BR-FW:
The VPN Gateway Setup Wizard – IPsec dialog appears. Select a Protected Subnet, and click OK.

Set the Role field to Spoke this time, choose BR-FW from the dropdown, and click Next.



The default VPN interface is usually the internet-facing interface, in this case port1. Click Next.

Set the Local Gateway to the public IP address of the internet-facing interface, 192.168.5.1.



In Routing, choose the Automatic option and click OK.

Finally, one Hub and two Spokes are created.
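
A pre-install sanity check of the gateway plan built above, as an added example (not part of the original document and not FortiManager tooling). The addresses are the ones used in the walkthrough; pairing each subnet object with a device by name, the dictionary layout and the `check_star_plan` function are assumptions of this example.

```python
import ipaddress
from itertools import combinations

# Gateway plan transcribed from the walkthrough. Pairing HQ/DC/BR subnets with
# HQ-FW/DC-FW/BR-FW by name is an assumption; the layout is this example's own.
GATEWAYS = [
    {"device": "HQ-FW", "role": "hub",   "local_gw": "192.168.1.1", "subnet": "10.0.1.0/24"},
    {"device": "DC-FW", "role": "spoke", "local_gw": "192.168.3.1", "subnet": "10.0.2.0/24"},
    {"device": "BR-FW", "role": "spoke", "local_gw": "192.168.5.1", "subnet": "10.0.3.0/24"},
]


def check_star_plan(gateways):
    """Return a list of findings for a star-topology gateway plan."""
    findings = []
    hubs = [g["device"] for g in gateways if g["role"] == "hub"]
    if len(hubs) != 1:
        findings.append(f"expected exactly one hub, found {len(hubs)}: {hubs}")
    if not any(g["role"] == "spoke" for g in gateways):
        findings.append("no spoke defined")

    nets = {g["device"]: ipaddress.ip_network(g["subnet"]) for g in gateways}
    addrs = {g["device"]: ipaddress.ip_address(g["local_gw"]) for g in gateways}

    # Overlapping protected subnets make routing over the tunnels ambiguous.
    for a, b in combinations(nets, 2):
        if nets[a].overlaps(nets[b]):
            findings.append(f"protected subnets overlap: {a} {nets[a]} / {b} {nets[b]}")

    # Each gateway needs its own tunnel endpoint address.
    for a, b in combinations(addrs, 2):
        if addrs[a] == addrs[b]:
            findings.append(f"duplicate local gateway {addrs[a]}: {a} / {b}")

    for dev, addr in addrs.items():
        # The endpoint address must not sit inside a subnet the VPN protects.
        for owner, net in nets.items():
            if addr in net:
                findings.append(f"{dev} local gateway {addr} is inside {owner} subnet {net}")
        # Private or reserved endpoints only work in a lab or behind NAT.
        if not addr.is_global:
            findings.append(f"{dev} local gateway {addr} is not globally routable")
    return findings


if __name__ == "__main__":
    for line in check_star_plan(GATEWAYS):
        print(line)
```

On the walkthrough's values the only findings are that the three Local Gateway addresses are not globally routable, which is expected for a lab topology.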



Apply VPN Configuration:
Install the VPN configuration using the Install Wizard on the hub and spokes one by one. Follow the
wizard: choose Install Policy Package & Device Settings, choose HQ-FW from the dropdown, and click
Next to continue.

Click Next to Continue.

Click Install to push the changes from FortiManager to FortiGate.



Similarly, run the Install Wizard on Spoke-1 DC-FW and Spoke-2 BR-FW.
