The FortiGate 100D series is an ideal security solution for small and medium enterprises or remote branch offices of larger networks. It combines firewall, IPsec and SSL-VPN, application control, intrusion prevention, anti-malware, antispam, P2P security, and web filtering into a single device. Simple, Powerful, Secure
Issue with Site to Site IPSec VPN Tunnel
So I have two FortiGates, one is a 60D and the other is a 90D. The 60D is the "main site" and the 90D is the remote site.

Apr 15, 2016

Phase 1 configuration for two IPsec tunnels (the "p1-v-<id>-N" naming and the "! tunnel #N" markers follow the AWS VPN connection template for FortiGate; addresses and the pre-shared key are redacted, and tunnel #2 is cut off in the original):

    ! tunnel #1
    config vpn ipsec phase1-interface
        edit "p1-v-4bdd1c7c-0"
            set interface "WAN1"
            set dpd enable
            set local-gw EXT.IP.ADDRESS
            set dhgrp 2
            set proposal aes128-sha1
            set keylife 28800
            set remote-gw 72.21.XX.XX
            set psksecret sekrets
            set dpd-retryinterval 10
        next
    end
    ! tunnel #2
    config vpn ipsec phase1-interface
        edit "p1-v-4bdd1c7c-1"
            set

Datasheet figures, FortiGate 300D (FG-300D):
IPsec VPN Throughput (512 byte): 48 Gbps
Gateway-to-Gateway IPsec VPN Tunnels: 20,000
Client-to-Gateway IPsec VPN Tunnels: 100,000
SSL-VPN Throughput: 3.6 Gbps
Concurrent SSL-VPN Users (Recommended Maximum, Tunnel Mode): 10,000
SSL Inspection Throughput (IPS, avg. HTTPS): 5.0 Gbps
SSL Inspection CPS (IPS, avg. HTTPS): 2,700
FortiGate 300D (FG-300D): 6x GE RJ45 ports, 4x GE SFP slots, SPU NP6 and CP8 hardware accelerated, 120 GB onboard storage.
Optional Accessories: External Redundant AC Power Supply FRPS-100, an external redundant AC power supply for up to 4 units: FG-300C, FG-310B, FS-348B and FS-448B.

Data to collect when a site-to-site tunnel does not pass traffic:

    # diag vpn tunnel list

Repeat this command 5 times at 5-second intervals while you are trying to send traffic through the tunnel, so that the per-SA packet counters can be compared between runs.

    # diag debug en
    # diag vpn gw list

Sniffer traces: take 2 sniffer traces simultaneously at both ends of the tunnel. In the case of a site-to-site tunnel, sniff in verbose 3 at both ends while you try sending
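The collection steps above written out as full FortiOS CLI commands, with what to look for in each output. This is an added example, not text from the page or from Fortinet's KB. The tunnel name p1-v-4bdd1c7c-0 is the page's; the peer address 72.21.1.1, the interface name wan1 and the version-specific IKE log-filter syntax are assumptions for illustration.

```text
# Run from the FortiGate CLI (console or SSH). FortiOS accepts the abbreviated
# forms used on the page ("diag", "en"); the full keywords are used here.
# Assumed: tunnel "p1-v-4bdd1c7c-0", peer 72.21.1.1, WAN interface "wan1".

# 1. Phase 1 (IKE SA). The gateway entry shows "IKE SA: created N/M established N/M";
#    established 0/x means no IKE SA, so nothing else below will show traffic.
diagnose vpn ike gateway list name p1-v-4bdd1c7c-0

# 2. Phase 2 (IPsec SAs) and traffic. Under each proxyid, "sa=0" means phase 2 never
#    negotiated, "sa=1" means one SA is installed, "sa=2" means a rekey is in progress.
#    Run it repeatedly while sending traffic and compare "enc:pkts" and "dec:pkts":
#      enc rising, dec flat  -> we encrypt and send, the far side does not answer
#                               (or its return route/policy is wrong)
#      both flat             -> traffic never reached the tunnel (check the static
#                               route and the firewall policy on this side)
diagnose vpn tunnel list name p1-v-4bdd1c7c-0

# 3. IKE negotiation debug, filtered to the one peer so the console stays readable.
#    The filter command is version specific: "log-filter dst-addr4" is FortiOS 5.x/6.x,
#    FortiOS 7.x uses "diagnose vpn ike log filter rem-addr4 72.21.1.1".
diagnose vpn ike log-filter dst-addr4 72.21.1.1
diagnose debug application ike -1
diagnose debug console timestamp enable
diagnose debug enable
# ...send traffic, or force a fresh negotiation with:
diagnose vpn ike gateway clear name p1-v-4bdd1c7c-0
# ...then stop the debug before leaving the session:
diagnose debug disable
diagnose debug reset

# 4. Sniffer trace at this end; run the equivalent on the peer at the same moment.
#    Verbose level 3 prints headers plus payload. Capturing IKE (UDP 500), NAT-T
#    (UDP 4500) and ESP shows whether our proposals leave and whether replies arrive.
#    The trailing 0 means "until interrupted" (Ctrl-C).
diagnose sniffer packet wan1 'host 72.21.1.1 and (udp port 500 or udp port 4500 or esp)' 3 0
```

Leave the sniffer at verbose 3 only for the duration of the test: on a busy WAN interface it prints every matching packet to the console, and the IKE debug at level -1 is equally verbose, which is why both are filtered to the single peer address.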
The same VPN from an AWS-generated configuration file for the peer end, in Check Point Gaia CLI syntax (not FortiOS):

    add vpn tunnel 1 type numbered local 169.254.44.234 remote 169.254.44.233 peer AWS_VPC_Tunnel_1
    set interface vpnt1 state on
    set interface vpnt1 mtu 1436

Repeat these commands to create the second tunnel, using the information provided under the IPSec Tunnel #2 section of the configuration file.

IPsec VPNs for FortiOS 4.0 MR3 (document 01-434-112804-20120111, http://docs.fortinet.com/), Contents: Configure the FortiGate unit.

GUI steps for a peer firewall, in SonicWall SonicOS terminology:
Netmask: the FortiGate netmask; select OK.
Configure the VPN settings for the VPN tunnel connection. To configure the VPN, go to VPN. Ensure Enable VPN is selected in the VPN Global Settings section. Select Add in the VPN Policies area. Select the General tab and configure the following:
IPSec Keying Mode: IKE using Preshared Secret.
Name
In the static route, Device is the tunnel interface you named in Phase 1; the default distance of 10 is fine. You should then see the VPN tunnel established in the IPsec Monitor under VPN > Monitor, be able to ping from the local network to the remote network, and see the route to the remote network in the FortiGate's routing table.
By default, FortiGate provisions the IPsec tunnel in route-based mode. This topic focuses on FortiGate with a route-based VPN configuration. If necessary, you can have FortiGate provision the IPsec tunnel in policy-based mode; to make that option available, enable Policy-based IPsec VPN under System > Feature Visibility.
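The whole route-based procedure from the steps above (phase 1, phase 2, the static route via the tunnel interface, and the two firewall policies) as one complete FortiOS CLI configuration. This is an added example, not the page's configuration or an AWS template. Assumed values: local LAN 192.168.10.0/24 on interface "internal", remote LAN 192.168.20.0/24, peer public address 198.51.100.2, WAN interface "wan1", tunnel name "to-branch". The page's generated fragment uses "set dhgrp 2" and "set proposal aes128-sha1" (1024-bit MODP and SHA-1, both legacy); the block below replaces them with DH group 14 and AES-256/SHA-256, which the peer must then be configured to offer as well.

```text
# --- Phase 1: interface-mode (route-based) tunnel -------------------------
config vpn ipsec phase1-interface
    edit "to-branch"
        set interface "wan1"
        set ike-version 2
        set peertype any
        set proposal aes256-sha256      # page's fragment: aes128-sha1 (legacy)
        set dhgrp 14                    # page's fragment: dhgrp 2 (1024-bit, legacy)
        set dpd on-idle                 # older FortiOS spells this "set dpd enable"
        set dpd-retryinterval 10
        set remote-gw 198.51.100.2
        set psksecret "<long random pre-shared key, different per peer>"
    next
end

# --- Phase 2: selectors for the two LANs, PFS on --------------------------
config vpn ipsec phase2-interface
    edit "to-branch-p2"
        set phase1name "to-branch"
        set proposal aes256-sha256
        set pfs enable
        set dhgrp 14
        set auto-negotiate enable       # bring the SA up without waiting for traffic
        set src-subnet 192.168.10.0 255.255.255.0
        set dst-subnet 192.168.20.0 255.255.255.0
    next
end

# --- Static route: the remote LAN goes into the tunnel interface ------------
# This is the "Device" from the static-route step; 10 is the FortiOS default
# distance for static routes. "edit 0" allocates the next free entry ID.
config router static
    edit 0
        set dst 192.168.20.0 255.255.255.0
        set device "to-branch"
        set distance 10
    next
end

# --- Policies in both directions, scoped to the two LANs -------------------
# Using address objects instead of "all" means the tunnel cannot be used to
# reach anything else behind either firewall if a peer is compromised.
config firewall address
    edit "LAN-local"
        set subnet 192.168.10.0 255.255.255.0
    next
    edit "LAN-branch"
        set subnet 192.168.20.0 255.255.255.0
    next
end
config firewall policy
    edit 0
        set name "lan-to-branch"
        set srcintf "internal"
        set dstintf "to-branch"
        set srcaddr "LAN-local"
        set dstaddr "LAN-branch"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 0
        set name "branch-to-lan"
        set srcintf "to-branch"
        set dstintf "internal"
        set srcaddr "LAN-branch"
        set dstaddr "LAN-local"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

The remote FortiGate gets the mirror image: the same phase 1 and phase 2 proposals, its own WAN interface and this site's public address as remote-gw, src-subnet and dst-subnet swapped, and a static route for 192.168.10.0/24 pointing at its tunnel interface. With auto-negotiate set, the tunnel should appear as up in the IPsec Monitor shortly after both sides are saved; if it does not, the collection commands earlier on this page show which phase failed.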