Hello Team,

This is how I like to create VPN Tunnels from FortiGate to FortiGate. This way has worked for me and my favorite way to do it.

First, we have some questions. Why are we even doing this IPSEC tunnel between the FortiGate’s.

  1. One reason is that Private IP addresses cannot cross the internet. (Not that we would want them to)
  2. We want to encrypt our traffic between these sites to ensure that our traffic is protected and not be able to be seen by any attackers on the internet.

In this case scenario we have two sites that we need to talk to each other. One is California and the other is Washington.

California has the IP Subnet of 10.1.1.0/24

California has a DIA circuit with a public IP address of 104.26.5.5

Washington has the IP Subnet of 10.2.2.0/24

Washington has a DIA Circuit with a Public IP address of 206.25.8.3

Below is a Diagram of our setup and what the final product will look like.

Steps:

  1. Confirm reachability between the public IPs
    • Ping also could not be allowed but we should ensure that traffic is able to reach if possible
  2. Create the IPSEC Phase1 and Phase2 Interfaces
    • GUI
    • CLI
  3. Create the Firewall Polices for IPSEC Interfaces
  4. Create the Static Routes

Leave a Reply

Your email address will not be published. Required fields are marked *