Chapter 10- Cloud Technologies

10-3 Site-to-Site VPN between an On-Premises FortiGate and a FortiGate in Azure

Learning Objectives

  • Configure a VPN with the IPsec wizard in Azure
  • Configure a site-to-site VPN between an on-premises FortiGate and a FortiGate in Azure
  • Identify the FortiGate subnets in Azure


Site-to-Site VPN between an On-Premises FortiGate and a FortiGate in Azure
Figure 10-49: Main scenario
Scenario: In this lab, we are going to create a site-to-site VPN from an on-premises FortiGate to a FortiGate in Azure. Knowing the configuration of section 10-2 is necessary for this lab. Port1 is set as a DHCP client, so it receives its IP address from the cloud.

Step 1- On Premise FortiGate Configuration

Table 10-3: Device configuration

Device      Interface   IP address
FortiGate   Port 1      DHCP client
FortiGate   Port 2      192.168.10.1/24
WebTerm     Eth0        192.168.10.2/24

1- Configure the interfaces of the firewall. By default, Port2 is the internal interface and is named “LAN”, and Port1 is the external interface and is named “WAN”.

On-premises firewall interfaces
Figure 10-50: Firewall Interfaces

2- Create a site-to-site VPN with the IPsec wizard, as shown in Figures 10-51 to 10-53.

Step1- Select VPN Name
Figure 10-51: Step1- Select VPN Name
Step2- Set remote IP Address
Figure 10-52: Step2- Set remote IP Address
Step3- Set Policy & Routing
Figure 10-53: Step3- Set Policy & Routing

3- Create a static route to the default gateway (Figure 10-54).

Set a default gateway
Figure 10-54: Set a default gateway
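The IPsec wizard only writes ordinary FortiOS configuration. As an added example (not taken from the lab text), the block below is the CLI equivalent of what Figures 10-51 to 10-54 produce on the on-premises FortiGate. The tunnel name ToAzure, the address object names, the proposal and DH group, and the two placeholders for the Azure FortiGate's public address and the pre-shared key are assumptions; whatever values you choose, they must be identical on both sides.

```fortios
# Address objects scoped to the two protected subnets (Table 10-3 and step 3 of the Azure side).
# Using these instead of "all" keeps the policies to the traffic the tunnel is for.
config firewall address
    edit "OnPrem_LAN"
        set subnet 192.168.10.0 255.255.255.0
    next
    edit "Azure_Protected"
        set subnet 10.0.2.0 255.255.255.0
    next
end

# Phase 1: the remote gateway is the Azure FortiGate's public IP (placeholder).
# NAT traversal is enabled because Azure translates that public IP to port1's private address.
config vpn ipsec phase1-interface
    edit "ToAzure"
        set interface "port1"
        set ike-version 2
        set peertype any
        set proposal aes256-sha256
        set dhgrp 14
        set nattraversal enable
        set remote-gw <AZURE_FORTIGATE_PUBLIC_IP>
        set psksecret <PRE_SHARED_KEY>
    next
end

# Phase 2: local LAN on the left, Azure protected subnet on the right.
# auto-negotiate brings the tunnel up without waiting for interesting traffic.
config vpn ipsec phase2-interface
    edit "ToAzure"
        set phase1name "ToAzure"
        set proposal aes256-sha256
        set dhgrp 14
        set auto-negotiate enable
        set src-subnet 192.168.10.0 255.255.255.0
        set dst-subnet 10.0.2.0 255.255.255.0
    next
end

# Routing: the remote subnet via the tunnel interface, a blackhole with a worse distance
# so traffic is dropped rather than sent out port1 in clear text while the tunnel is down,
# and the default route of Figure 10-54 (gateway placeholder; port1's DHCP lease may already supply it).
config router static
    edit 0
        set dst 10.0.2.0 255.255.255.0
        set device "ToAzure"
    next
    edit 0
        set dst 10.0.2.0 255.255.255.0
        set blackhole enable
        set distance 254
    next
    edit 0
        set dst 0.0.0.0 0.0.0.0
        set gateway <ON_PREM_GATEWAY_IP>
        set device "port1"
    next
end

# Policies in both directions, without NAT, limited to the two subnets.
config firewall policy
    edit 0
        set name "LAN-to-Azure"
        set srcintf "port2"
        set dstintf "ToAzure"
        set srcaddr "OnPrem_LAN"
        set dstaddr "Azure_Protected"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 0
        set name "Azure-to-LAN"
        set srcintf "ToAzure"
        set dstintf "port2"
        set srcaddr "Azure_Protected"
        set dstaddr "OnPrem_LAN"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

The Azure FortiGate gets the mirror image of this: the same proposal, DH group and pre-shared key, remote-gw set to the address port1 of the on-premises FortiGate received from DHCP, and the phase 2 selectors swapped (src-subnet 10.0.2.0/24, dst-subnet 192.168.10.0/24). Because the Azure public IP is translated to port1's private address, the tunnel works only with NAT traversal enabled on both sides. The protected subnet's Azure route table must also send 192.168.10.0/24 to the FortiGate's port2 address, otherwise replies from the VM bypass the firewall and the tunnel.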

Step 2- Azure Configuration

1- Create a FortiGate firewall in Azure and configure the interfaces. You need to complete all steps in the previous section (Section 10-1).

2- Create a VPN with the IPsec wizard, as shown in Figures 10-55 to 10-57.

Step1- Select VPN Name in Azure
Figure 10-55: Step1- Select VPN Name
Step2-Set a remote IP address
Figure 10-56: Step2-Set a remote IP address
Step3-Set Policy & Routing
Figure 10-57: Step3-Set Policy & Routing

3- Add a Linux or Windows virtual machine to the Protected subnet. You don’t need to enable a public IP address. The private IP address should be in the 10.0.2.0/24 range.

4- Go to VPN > IPsec Tunnels and check the status of the tunnel.

Check status of tunnel
Figure 10-58: Check status of tunnel

5- You should be able to ping from WebTerm to the Virtual Machine.
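When the tunnel shows as down in Figure 10-58, or the ping in Figure 10-59 fails although the tunnel is up, the CLI tells you which side of the problem you are on. As an added example (not part of the lab), these are the FortiOS commands to run on either FortiGate; the tunnel name ToAzure and the VM address placeholder are assumptions.

```fortios
# Same information as VPN > IPsec Tunnels (Figure 10-58): phase 1 peers and phase 2 SAs
get vpn ipsec tunnel summary
diagnose vpn ike gateway list
diagnose vpn tunnel list name ToAzure

# Try to bring phase 2 up without waiting for traffic from WebTerm
diagnose vpn tunnel up ToAzure

# Ping from the LAN address so the packet matches the phase 2 selectors
# (a ping sourced from port1 would not be sent through the tunnel)
execute ping-options source 192.168.10.1
execute ping <AZURE_VM_PRIVATE_IP>

# If phase 1 never completes, watch the IKE negotiation, then switch the debug off again
diagnose debug application ike -1
diagnose debug enable
diagnose debug disable
diagnose debug reset
```

In the IKE output a proposal or DH group mismatch shows up before authentication, and a wrong pre-shared key shows up as an authentication failure, which is the usual reason the wizard-built tunnel on one side does not match the other. If the tunnel is up and the FortiGate itself can ping the VM but WebTerm cannot, the problem is a policy or route, not the VPN; if nothing can ping a Windows VM, remember that Windows Firewall drops ICMP echo requests by default.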

Ping from WebTerm to Windows VM
Figure 10-59: Ping from WebTerm to Windows VM
