FortiGate¶

Site to Site VPN¶

In the below example, we are creating a VPN tunnel from 192.168.122.0/24 to 10.137.0.0/26 and 10.137.5.0/26.

../_images/fortigate-site-to-site-vpn-1.png

Create the tunnel.

../_images/fortigate-site-to-site-vpn-2.png

Check if there are current objects for the destination range(s) (10.137.0.0 & 10.137.5.0). There are ranges already, because this guide was created after the work was done. See the search bar at the top-right.

../_images/fortigate-site-to-site-vpn-3.png

Create the objects for the destination range(s).

../_images/fortigate-site-to-site-vpn-4.png

Find the interface(s) that the source range(s) are connected to. The servers that are needing to communicate to the destination (10.137.0.0 & 10.137.5.0) is 192.168.122.144, 192.168.122.145 & 192.168.122.146.

../_images/fortigate-site-to-site-vpn-5.png

Find out what is currently allowed to the destination interface (DMZ) from the source IP addresses provided (192.168.122.144, 192.168.122.145 & 192.168.122.146). We know to search for “REDACTED” from the previous step.

../_images/fortigate-site-to-site-vpn-6.png

Create the policy.

../_images/fortigate-site-to-site-vpn-7.png

Management VDOM¶

You need the management VDOM (management-vdom root is default) and internet to keep the following alive:

AV/IPS updates
DNS queries
NTP time-sync
Webfilter rating look-ups
forticloud logging
SNMP, Email, alerting

In a multi-vdom environment, you can change the default vdom:

config global
config system global
  set management-vdom <vdom_name>
end

Read the Docs v: latest

Versions: latest

Downloads

On Read the Docs: Project Home; Builds

Free document hosting provided by Read the Docs.