{"id":354,"date":"2022-04-27T22:11:05","date_gmt":"2022-04-28T02:11:05","guid":{"rendered":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/chapter\/ipsec-vpn-fortigate-on-prem-to-azure\/"},"modified":"2023-08-23T18:10:32","modified_gmt":"2023-08-23T22:10:32","slug":"ipsec-vpn-fortigate-azure","status":"publish","type":"chapter","link":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/chapter\/ipsec-vpn-fortigate-azure\/","title":{"raw":"10.1 IPsec VPN from FortiGate (on Premise) to Azure","rendered":"10.1 IPsec VPN from FortiGate (on Premise) to Azure"},"content":{"raw":"<div class=\"textbox textbox--learning-objectives\"><header class=\"textbox__header\">\r\n<p class=\"textbox__title\">Learning Objectives<\/p>\r\n\r\n<\/header>\r\n<ul>\r\n \t<li>Configure a Virtual Network Gateway in Azure<\/li>\r\n \t<li>Configure a local network gateway<\/li>\r\n \t<li>Create an IPSEC VPN between Firewall on-Premise and Azure<\/li>\r\n<\/ul>\r\n<\/div>\r\n<div class=\"textbox shaded\"><strong>Scenario<\/strong>: We are going to connect on premise FortiGate to Azure Virtual Gateway. This is going to be IPsec VPN between FortiGate and Azure. First, we will configure Azure and then connect FortiGate through Port1 to Azure Virtual Gateway.<\/div>\r\n\r\n[caption id=\"attachment_353\" align=\"alignnone\" width=\"1275\"]<img class=\"wp-image-317 size-full\" style=\"color: initial; font-family: 'Times New Roman', Georgia, 'SBL Greek', serif; font-size: 14pt;\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/04\/ScreenShot00128.jpg\" alt=\"main scenario IPSEC VPN from FortiGate (on premise) to Azure\" width=\"1275\" height=\"467\" \/> Figure 10.1: Main scenario[\/caption]\r\n<table class=\"aligncenter\" style=\"border-collapse: collapse; width: 100%;\" border=\"0\"><caption>Table 10.1: On-premise devices configuration<\/caption>\r\n<tbody>\r\n<tr style=\"height: 18px;\">\r\n<th style=\"width: 16.4488%; height: 18px;\" scope=\"col\">Device<\/th>\r\n<th style=\"width: 25.1089%; height: 18px;\" scope=\"col\">Configuration<\/th>\r\n<th style=\"width: 25.1089%; height: 18px;\" scope=\"col\">Access<\/th>\r\n<\/tr>\r\n<tr style=\"height: 18px;\">\r\n<td style=\"width: 16.4488%; height: 18px;\">FortiGate<\/td>\r\n<td style=\"width: 25.1089%; height: 18px;\">Port 1: DHCP Client\r\n\r\nPort 2: 192.168.10.1\/24<\/td>\r\n<td style=\"width: 25.1089%; height: 18px;\">Port1: HTTP, HTTPS, PING\r\n\r\n&nbsp;<\/td>\r\n<\/tr>\r\n<tr style=\"height: 18px;\">\r\n<td style=\"width: 16.4488%; height: 18px;\">\u00a0WebTerm1<\/td>\r\n<td style=\"width: 25.1089%; height: 18px;\">192.168.10.2\/24<\/td>\r\n<td style=\"width: 25.1089%; height: 18px;\">-<\/td>\r\n<\/tr>\r\n<\/tbody>\r\n<\/table>\r\n<h2>Azure Configuration<\/h2>\r\n<ol>\r\n \t<li>Create a resource group in Azure as following:\r\n<ul>\r\n \t<li>Resource group: <strong>FG<\/strong><\/li>\r\n \t<li>Region: <strong>West US<\/strong><\/li>\r\n<\/ul>\r\n[caption id=\"attachment_353\" align=\"aligncenter\" width=\"1905\"]<img class=\"wp-image-318 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00080-1.jpg\" alt=\"Step1-Create a resource group\" width=\"1905\" height=\"727\" \/> Figure 10.2: Create a resource group[\/caption]\r\n\r\n[caption id=\"attachment_353\" align=\"aligncenter\" width=\"1062\"]<img class=\"wp-image-319 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00081-1.jpg\" alt=\"Step 2- create a resource group\" width=\"1062\" height=\"552\" \/> Figure 10.3: Create a resource group[\/caption]\r\n\r\n[caption id=\"attachment_320\" align=\"aligncenter\" width=\"400\"]<img class=\"wp-image-320\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00082.jpg\" alt=\"Step3- create a resource group\" width=\"400\" height=\"476\" \/> Figure 10.4: Create a resource group[\/caption]<\/li>\r\n \t<li>Create a virtual network as following:\r\n<ul>\r\n \t<li>Resource group:<strong> FG<\/strong><\/li>\r\n \t<li>Name: <strong>Azure-FG<\/strong><\/li>\r\n \t<li>Region: <strong>West US<\/strong><\/li>\r\n \t<li>Change the default subnet: <strong>10.0.1.0\/24<\/strong><\/li>\r\n<\/ul>\r\n[caption id=\"attachment_353\" align=\"aligncenter\" width=\"1039\"]<img class=\"wp-image-321 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00083.jpg\" alt=\"Step1- create a virtual network\" width=\"1039\" height=\"819\" \/> Figure 10.5: Create a virtual network[\/caption]\r\n\r\n[caption id=\"attachment_353\" align=\"aligncenter\" width=\"1493\"]<img class=\"wp-image-322 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00084-1.jpg\" alt=\"Step2- create a virtual network(Change default subnet)\" width=\"1493\" height=\"864\" \/> Figure 10.6: Create a virtual network (change default subnet)[\/caption]\r\n\r\n[caption id=\"attachment_353\" align=\"aligncenter\" width=\"1069\"]<img class=\"wp-image-323 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00085-1.jpg\" alt=\"Step3- create a virtual network\" width=\"1069\" height=\"841\" \/> Figure 10.7: Create a virtual network[\/caption]\r\n\r\n[caption id=\"attachment_353\" align=\"alignnone\" width=\"1086\"]<img class=\"wp-image-324 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00086-1.jpg\" alt=\"Step4- create a virtual network - Creating a Tag\" width=\"1086\" height=\"825\" \/> Figure 10.8: Create a virtual network[\/caption]\r\n\r\n[caption id=\"attachment_325\" align=\"aligncenter\" width=\"450\"]<img class=\"wp-image-325\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00087-1.jpg\" alt=\"Step5- create a virtual network &quot;Review + Create&quot;\" width=\"450\" height=\"425\" \/> Figure 10.9: Create a virtual network[\/caption]<\/li>\r\n \t<li>Create a virtual network gateway as following:\r\n<ul>\r\n \t<li><strong>Name:<\/strong> Azure-VPN-FG<\/li>\r\n \t<li><strong>Region:<\/strong> West US<\/li>\r\n \t<li><strong>Generation:<\/strong> Generation1<\/li>\r\n \t<li><strong>Gateway subnet address range:<\/strong> 10.0.0.0\/24<\/li>\r\n \t<li><strong>Public IP address name:<\/strong> AzurePublic<\/li>\r\n<\/ul>\r\nClick on \"Create and Review\". It takes around <strong>25<\/strong> minutes to deploy a virtual network gateway in Azure.\r\n\r\n[caption id=\"attachment_353\" align=\"alignnone\" width=\"1905\"]<img class=\"wp-image-326 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00091-1.jpg\" alt=\"Step1- create a virtual network gateway\" width=\"1905\" height=\"790\" \/> Figure 10.10: Create a virtual network gateway[\/caption]\r\n\r\n[caption id=\"attachment_353\" align=\"alignnone\" width=\"1007\"]<img class=\"wp-image-327 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00092-1.jpg\" alt=\"Step 2- create a virtual network gateway\" width=\"1007\" height=\"823\" \/> Figure 10.11: Create a virtual network gateway[\/caption]\r\n\r\n[caption id=\"attachment_353\" align=\"alignnone\" width=\"1058\"]<img class=\"wp-image-328 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00093.jpg\" alt=\"Step3- create a virtual network gateway - Gateway subnet and Public IP address\" width=\"1058\" height=\"828\" \/> Figure 10.12: Create a virtual network gateway[\/caption]\r\n\r\n[caption id=\"attachment_329\" align=\"aligncenter\" width=\"400\"]<img class=\"wp-image-329\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00094-1.jpg\" alt=\"Step 4- create a virtual network gateway (review + create)\" width=\"400\" height=\"373\" \/> Figure 10.13: Create a virtual network gateway (review + create)[\/caption]\r\n\r\n[caption id=\"attachment_353\" align=\"alignnone\" width=\"1878\"]<img class=\"wp-image-330 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00095-1.jpg\" alt=\"Step 5- create a virtual network gateway( Deployment)\" width=\"1878\" height=\"625\" \/> Figure 10.14: Create a virtual network gateway (deployment)[\/caption]\r\n\r\n[caption id=\"attachment_353\" align=\"alignnone\" width=\"1908\"]<img class=\"wp-image-331 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00104.jpg\" alt=\"Step 6- Deployment of virtual network gateway\" width=\"1908\" height=\"569\" \/> Figure 10.15: Deployment of virtual network gateway[\/caption]<\/li>\r\n \t<li>Create a local network gateway as following:\r\n<ul>\r\n \t<li><strong>Resource Group:<\/strong> FG<\/li>\r\n \t<li><strong>Region:<\/strong> West US<\/li>\r\n \t<li><strong>Name:<\/strong> FortiGate<\/li>\r\n \t<li><strong>IP Address:<\/strong> IP_Address_of_Port1_FortiGate (On premise)<\/li>\r\n \t<li><strong>Address Space:<\/strong> IP_Address_LocalNetwork<\/li>\r\n<\/ul>\r\n[caption id=\"attachment_353\" align=\"alignnone\" width=\"1902\"]<img class=\"wp-image-332 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00105.jpg\" alt=\"Step 1- create a local network gateway\" width=\"1902\" height=\"781\" \/> Figure 10.16: Create a local network gateway[\/caption]\r\n\r\n[caption id=\"attachment_353\" align=\"alignnone\" width=\"1225\"]<img class=\"wp-image-333 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00106.jpg\" alt=\"Step 2- create a local network gateway- IP Address, Region and Name\" width=\"1225\" height=\"853\" \/> Figure 10.17: Create a local network gateway[\/caption]\r\n\r\n[caption id=\"attachment_334\" align=\"aligncenter\" width=\"400\"]<img class=\"wp-image-334\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00107.jpg\" alt=\"Step 3- create a local network gateway (review + create)\" width=\"400\" height=\"329\" \/> Figure 10.18: Create a local network gateway (review + create)[\/caption]\r\n\r\n[caption id=\"attachment_353\" align=\"alignnone\" width=\"1487\"]<img class=\"wp-image-335 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00108.jpg\" alt=\"Step 4- Verify local network gateway deployment\" width=\"1487\" height=\"520\" \/> Figure 10.19: Verify local network gateway deployment[\/caption]<\/li>\r\n \t<li>Go to Virtual network gateway and create a connection in <strong>Virtual network gateways<\/strong> &gt; <strong>connections<\/strong> &gt; <strong>Add<\/strong>:\r\n\r\n[caption id=\"attachment_336\" align=\"aligncenter\" width=\"1910\"]<img class=\"wp-image-336 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00109-2.jpg\" alt=\"Add connections\" width=\"1910\" height=\"689\" \/> Figure 10.20: Add connections[\/caption]\r\n\r\n[caption id=\"attachment_337\" align=\"aligncenter\" width=\"400\"]<img class=\"wp-image-337\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00110.jpg\" alt=\"Step 2- Connection configuration\" width=\"400\" height=\"419\" \/> Figure 10.21: Connection configuration[\/caption]\r\n\r\nBased on the Microsoft article <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/vpn-gateway\/vpn-gateway-about-compliance-crypto\">\u201cAbout cryptographic requirements and Azure VPN gateways\u201d<\/a>, by default, integrity is SHA384, SHA256, SHA1, MD5 and encryption is AES256, AES192, AES128, DES3, DES. So, we will select SHA1 and AES128 in FortiGate. After doing this step, you should receive a Public IP address in Overview tab.\r\n\r\n[caption id=\"attachment_353\" align=\"aligncenter\" width=\"1883\"]<img class=\"wp-image-338 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00111.jpg\" alt=\"Step 3- Verify public IP address\" width=\"1883\" height=\"673\" \/> Figure 10.22: Verify public IP address[\/caption]<\/li>\r\n<\/ol>\r\n<h2>FortiGate Configuration<\/h2>\r\n<ol>\r\n \t<li>First, we will configure port 2 IP address.\r\n\r\n[caption id=\"attachment_353\" align=\"alignnone\" width=\"1233\"]<img class=\"wp-image-339 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00099-1.jpg\" alt=\"Set an IP address for port2\" width=\"1233\" height=\"742\" \/> Figure 10.23: Set an IP address for port2[\/caption]\r\n\r\n[caption id=\"attachment_353\" align=\"alignnone\" width=\"1100\"]<img class=\"wp-image-340 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00100.jpg\" alt=\"Por1 and Port2 IP addresses\" width=\"1100\" height=\"686\" \/> Figure 10.24: Port1 and Port2 IP addresses[\/caption]<\/li>\r\n \t<li>Create a static route to port1 (WAN Port) as Figure 10.25.\r\n\r\n[caption id=\"attachment_353\" align=\"alignnone\" width=\"1277\"]<img class=\"wp-image-341 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00101.jpg\" alt=\"Create a static route to port1(WAN Port)\" width=\"1277\" height=\"740\" \/> Figure 10.25: Create a static route[\/caption]<\/li>\r\n \t<li>Create a IPsec Wizard as a custom.\r\n\r\n[caption id=\"attachment_353\" align=\"alignnone\" width=\"1382\"]<img class=\"wp-image-342 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00102.jpg\" alt=\"Create a IPSEC Wizard as a custom\" width=\"1382\" height=\"499\" \/> Figure 10.26: Create a custom VPN[\/caption]\r\n<ul>\r\n \t<li><strong>Remote Gateway IP Address:<\/strong> <em>Public_IP_Address_Azure_Virtual_Gateway<\/em><\/li>\r\n \t<li><strong>Nat Traversal:<\/strong> Disable<\/li>\r\n \t<li><strong>Pre-shared Key:<\/strong> <em>The same as Azure key (123456789)<\/em><\/li>\r\n \t<li><strong>Local Address:<\/strong> 192.168.10.0\/24<\/li>\r\n \t<li><strong>Remote Address:<\/strong> 10.0.0.0\/16<\/li>\r\n \t<li><strong>Phase 1:<\/strong> Encryption: AES128, Authentication: SHA-1, DH: 2, lifetime: 28800<\/li>\r\n \t<li><strong>Phase 2:<\/strong> Encryption: AES128, Authentication: SHA-1, DH: 2, lifetime: 27000<\/li>\r\n<\/ul>\r\n[caption id=\"attachment_343\" align=\"aligncenter\" width=\"500\"]<img class=\"wp-image-343\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00113.jpg\" alt=\"Step 2- Create a custom VPN\" width=\"500\" height=\"369\" \/> Figure 10.27: Create a custom VPN[\/caption]\r\n\r\n[caption id=\"attachment_344\" align=\"aligncenter\" width=\"500\"]<img class=\"wp-image-344\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00114.jpg\" alt=\"Step 3- Create a custom VPN\" width=\"500\" height=\"319\" \/> Figure 10.28: Create a custom VPN[\/caption]\r\n\r\n[caption id=\"attachment_345\" align=\"aligncenter\" width=\"500\"]<img class=\"wp-image-345\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00112.jpg\" alt=\"Step 4- Create a custom VPN\" width=\"500\" height=\"373\" \/> Figure 10.29: Create a custom VPN[\/caption]<\/li>\r\n \t<li>Create a firewall policy from Port 2 to Tunnel and from Tunnel to Port2. We will create a subnet for LAN on premise and a subnet for Microsoft Azure. Like site-to-site VPN we learned previously, NAT should be disabled here.\r\n\r\n[caption id=\"attachment_346\" align=\"aligncenter\" width=\"400\"]<img class=\"wp-image-346\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00116.jpg\" alt=\"Create a subnet for local network\" width=\"400\" height=\"241\" \/> Figure 10.30: Create a subnet for local network[\/caption]\r\n\r\n[caption id=\"attachment_347\" align=\"aligncenter\" width=\"400\"]<img class=\"wp-image-347\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00117.jpg\" alt=\"Create a subnet for Azure local\" width=\"400\" height=\"196\" \/> Figure 10.31: Create a subnet for Azure local[\/caption]\r\n\r\n[caption id=\"attachment_353\" align=\"aligncenter\" width=\"1270\"]<img class=\"wp-image-348 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00118.jpg\" alt=\"Create a policy from port2 to FG-Azure Tunnel\" width=\"1270\" height=\"936\" \/> Figure 10.32: Create a policy from port2 to FG-Azure Tunnel[\/caption]\r\n\r\n[caption id=\"attachment_353\" align=\"alignnone\" width=\"1920\"]<img class=\"wp-image-349 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00119.jpg\" alt=\"Create a policy from FG-Azure Tunnel to port2\" width=\"1920\" height=\"845\" \/> Figure 10.33: Create a policy from FG-Azure Tunnel to port2[\/caption]\r\n\r\n[caption id=\"attachment_353\" align=\"aligncenter\" width=\"1258\"]<img class=\"wp-image-350 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00120.jpg\" alt=\"Create a policy from FG-Azure Tunnel to port2\" width=\"1258\" height=\"891\" \/> Figure 10.34: Create a policy from FG-Azure Tunnel to port2[\/caption]\r\n\r\n[caption id=\"attachment_353\" align=\"alignnone\" width=\"1915\"]<img class=\"wp-image-351 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00121.jpg\" alt=\"List of Firewall Policies \" width=\"1915\" height=\"382\" \/> Figure 10.35: Firewall Policies[\/caption]<\/li>\r\n<\/ol>\r\n<h2>Verify Connections<\/h2>\r\nIf you navigate to IPsec Tunnel, the status should be up.\r\n\r\n[caption id=\"attachment_353\" align=\"alignnone\" width=\"1904\"]<img class=\"wp-image-352 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00122.jpg\" alt=\"Verify status in FortiGate\" width=\"1904\" height=\"545\" \/> Figure 10.36: Verify status in FortiGate[\/caption]\r\n\r\n[caption id=\"attachment_353\" align=\"alignnone\" width=\"1876\"]<img class=\"wp-image-353 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00123.jpg\" alt=\"Verify status in Azure\" width=\"1876\" height=\"771\" \/> Figure 10.37: Verify status in Azure[\/caption]","rendered":"<div class=\"textbox textbox--learning-objectives\">\n<header class=\"textbox__header\">\n<p class=\"textbox__title\">Learning Objectives<\/p>\n<\/header>\n<ul>\n<li>Configure a Virtual Network Gateway in Azure<\/li>\n<li>Configure a local network gateway<\/li>\n<li>Create an IPSEC VPN between Firewall on-Premise and Azure<\/li>\n<\/ul>\n<\/div>\n<div class=\"textbox shaded\"><strong>Scenario<\/strong>: We are going to connect on premise FortiGate to Azure Virtual Gateway. This is going to be IPsec VPN between FortiGate and Azure. First, we will configure Azure and then connect FortiGate through Port1 to Azure Virtual Gateway.<\/div>\n<figure id=\"attachment_353\" aria-describedby=\"caption-attachment-353\" style=\"width: 1275px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-317 size-full\" style=\"color: initial; font-family: 'Times New Roman', Georgia, 'SBL Greek', serif; font-size: 14pt;\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/04\/ScreenShot00128.jpg\" alt=\"main scenario IPSEC VPN from FortiGate (on premise) to Azure\" width=\"1275\" height=\"467\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/ScreenShot00128.jpg 1275w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/ScreenShot00128-300x110.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/ScreenShot00128-1024x375.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/ScreenShot00128-768x281.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/ScreenShot00128-65x24.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/ScreenShot00128-225x82.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/ScreenShot00128-350x128.jpg 350w\" sizes=\"auto, (max-width: 1275px) 100vw, 1275px\" \/><figcaption id=\"caption-attachment-353\" class=\"wp-caption-text\">Figure 10.1: Main scenario<\/figcaption><\/figure>\n<table class=\"aligncenter\" style=\"border-collapse: collapse; width: 100%;\">\n<caption>Table 10.1: On-premise devices configuration<\/caption>\n<tbody>\n<tr style=\"height: 18px;\">\n<th style=\"width: 16.4488%; height: 18px;\" scope=\"col\">Device<\/th>\n<th style=\"width: 25.1089%; height: 18px;\" scope=\"col\">Configuration<\/th>\n<th style=\"width: 25.1089%; height: 18px;\" scope=\"col\">Access<\/th>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 16.4488%; height: 18px;\">FortiGate<\/td>\n<td style=\"width: 25.1089%; height: 18px;\">Port 1: DHCP Client<\/p>\n<p>Port 2: 192.168.10.1\/24<\/td>\n<td style=\"width: 25.1089%; height: 18px;\">Port1: HTTP, HTTPS, PING<\/p>\n<p>&nbsp;<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 16.4488%; height: 18px;\">\u00a0WebTerm1<\/td>\n<td style=\"width: 25.1089%; height: 18px;\">192.168.10.2\/24<\/td>\n<td style=\"width: 25.1089%; height: 18px;\">&#8211;<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Azure Configuration<\/h2>\n<ol>\n<li>Create a resource group in Azure as following:\n<ul>\n<li>Resource group: <strong>FG<\/strong><\/li>\n<li>Region: <strong>West US<\/strong><\/li>\n<\/ul>\n<figure id=\"attachment_353\" aria-describedby=\"caption-attachment-353\" style=\"width: 1905px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-318 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00080-1.jpg\" alt=\"Step1-Create a resource group\" width=\"1905\" height=\"727\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00080-1.jpg 1905w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00080-1-300x114.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00080-1-1024x391.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00080-1-768x293.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00080-1-1536x586.jpg 1536w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00080-1-65x25.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00080-1-225x86.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00080-1-350x134.jpg 350w\" sizes=\"auto, (max-width: 1905px) 100vw, 1905px\" \/><figcaption id=\"caption-attachment-353\" class=\"wp-caption-text\">Figure 10.2: Create a resource group<\/figcaption><\/figure>\n<figure id=\"attachment_353\" aria-describedby=\"caption-attachment-353\" style=\"width: 1062px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-319 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00081-1.jpg\" alt=\"Step 2- create a resource group\" width=\"1062\" height=\"552\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00081-1.jpg 1062w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00081-1-300x156.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00081-1-1024x532.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00081-1-768x399.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00081-1-65x34.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00081-1-225x117.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00081-1-350x182.jpg 350w\" sizes=\"auto, (max-width: 1062px) 100vw, 1062px\" \/><figcaption id=\"caption-attachment-353\" class=\"wp-caption-text\">Figure 10.3: Create a resource group<\/figcaption><\/figure>\n<figure id=\"attachment_320\" aria-describedby=\"caption-attachment-320\" style=\"width: 400px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-320\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00082.jpg\" alt=\"Step3- create a resource group\" width=\"400\" height=\"476\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00082.jpg 688w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00082-252x300.jpg 252w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00082-65x77.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00082-225x268.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00082-350x416.jpg 350w\" sizes=\"auto, (max-width: 400px) 100vw, 400px\" \/><figcaption id=\"caption-attachment-320\" class=\"wp-caption-text\">Figure 10.4: Create a resource group<\/figcaption><\/figure>\n<\/li>\n<li>Create a virtual network as following:\n<ul>\n<li>Resource group:<strong> FG<\/strong><\/li>\n<li>Name: <strong>Azure-FG<\/strong><\/li>\n<li>Region: <strong>West US<\/strong><\/li>\n<li>Change the default subnet: <strong>10.0.1.0\/24<\/strong><\/li>\n<\/ul>\n<figure id=\"attachment_353\" aria-describedby=\"caption-attachment-353\" style=\"width: 1039px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-321 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00083.jpg\" alt=\"Step1- create a virtual network\" width=\"1039\" height=\"819\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00083.jpg 1039w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00083-300x236.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00083-1024x807.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00083-768x605.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00083-65x51.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00083-225x177.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00083-350x276.jpg 350w\" sizes=\"auto, (max-width: 1039px) 100vw, 1039px\" \/><figcaption id=\"caption-attachment-353\" class=\"wp-caption-text\">Figure 10.5: Create a virtual network<\/figcaption><\/figure>\n<figure id=\"attachment_353\" aria-describedby=\"caption-attachment-353\" style=\"width: 1493px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-322 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00084-1.jpg\" alt=\"Step2- create a virtual network(Change default subnet)\" width=\"1493\" height=\"864\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00084-1.jpg 1493w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00084-1-300x174.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00084-1-1024x593.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00084-1-768x444.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00084-1-65x38.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00084-1-225x130.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00084-1-350x203.jpg 350w\" sizes=\"auto, (max-width: 1493px) 100vw, 1493px\" \/><figcaption id=\"caption-attachment-353\" class=\"wp-caption-text\">Figure 10.6: Create a virtual network (change default subnet)<\/figcaption><\/figure>\n<figure id=\"attachment_353\" aria-describedby=\"caption-attachment-353\" style=\"width: 1069px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-323 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00085-1.jpg\" alt=\"Step3- create a virtual network\" width=\"1069\" height=\"841\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00085-1.jpg 1069w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00085-1-300x236.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00085-1-1024x806.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00085-1-768x604.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00085-1-65x51.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00085-1-225x177.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00085-1-350x275.jpg 350w\" sizes=\"auto, (max-width: 1069px) 100vw, 1069px\" \/><figcaption id=\"caption-attachment-353\" class=\"wp-caption-text\">Figure 10.7: Create a virtual network<\/figcaption><\/figure>\n<figure id=\"attachment_353\" aria-describedby=\"caption-attachment-353\" style=\"width: 1086px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-324 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00086-1.jpg\" alt=\"Step4- create a virtual network - Creating a Tag\" width=\"1086\" height=\"825\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00086-1.jpg 1086w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00086-1-300x228.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00086-1-1024x778.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00086-1-768x583.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00086-1-65x49.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00086-1-225x171.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00086-1-350x266.jpg 350w\" sizes=\"auto, (max-width: 1086px) 100vw, 1086px\" \/><figcaption id=\"caption-attachment-353\" class=\"wp-caption-text\">Figure 10.8: Create a virtual network<\/figcaption><\/figure>\n<figure id=\"attachment_325\" aria-describedby=\"caption-attachment-325\" style=\"width: 450px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-325\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00087-1.jpg\" alt=\"Step5- create a virtual network &quot;Review + Create&quot;\" width=\"450\" height=\"425\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00087-1.jpg 880w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00087-1-300x283.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00087-1-768x725.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00087-1-65x61.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00087-1-225x212.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00087-1-350x331.jpg 350w\" sizes=\"auto, (max-width: 450px) 100vw, 450px\" \/><figcaption id=\"caption-attachment-325\" class=\"wp-caption-text\">Figure 10.9: Create a virtual network<\/figcaption><\/figure>\n<\/li>\n<li>Create a virtual network gateway as following:\n<ul>\n<li><strong>Name:<\/strong> Azure-VPN-FG<\/li>\n<li><strong>Region:<\/strong> West US<\/li>\n<li><strong>Generation:<\/strong> Generation1<\/li>\n<li><strong>Gateway subnet address range:<\/strong> 10.0.0.0\/24<\/li>\n<li><strong>Public IP address name:<\/strong> AzurePublic<\/li>\n<\/ul>\n<p>Click on &#8220;Create and Review&#8221;. It takes around <strong>25<\/strong> minutes to deploy a virtual network gateway in Azure.<\/p>\n<figure id=\"attachment_353\" aria-describedby=\"caption-attachment-353\" style=\"width: 1905px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-326 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00091-1.jpg\" alt=\"Step1- create a virtual network gateway\" width=\"1905\" height=\"790\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00091-1.jpg 1905w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00091-1-300x124.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00091-1-1024x425.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00091-1-768x318.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00091-1-1536x637.jpg 1536w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00091-1-65x27.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00091-1-225x93.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00091-1-350x145.jpg 350w\" sizes=\"auto, (max-width: 1905px) 100vw, 1905px\" \/><figcaption id=\"caption-attachment-353\" class=\"wp-caption-text\">Figure 10.10: Create a virtual network gateway<\/figcaption><\/figure>\n<figure id=\"attachment_353\" aria-describedby=\"caption-attachment-353\" style=\"width: 1007px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-327 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00092-1.jpg\" alt=\"Step 2- create a virtual network gateway\" width=\"1007\" height=\"823\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00092-1.jpg 1007w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00092-1-300x245.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00092-1-768x628.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00092-1-65x53.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00092-1-225x184.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00092-1-350x286.jpg 350w\" sizes=\"auto, (max-width: 1007px) 100vw, 1007px\" \/><figcaption id=\"caption-attachment-353\" class=\"wp-caption-text\">Figure 10.11: Create a virtual network gateway<\/figcaption><\/figure>\n<figure id=\"attachment_353\" aria-describedby=\"caption-attachment-353\" style=\"width: 1058px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-328 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00093.jpg\" alt=\"Step3- create a virtual network gateway - Gateway subnet and Public IP address\" width=\"1058\" height=\"828\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00093.jpg 1058w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00093-300x235.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00093-1024x801.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00093-768x601.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00093-65x51.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00093-225x176.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00093-350x274.jpg 350w\" sizes=\"auto, (max-width: 1058px) 100vw, 1058px\" \/><figcaption id=\"caption-attachment-353\" class=\"wp-caption-text\">Figure 10.12: Create a virtual network gateway<\/figcaption><\/figure>\n<figure id=\"attachment_329\" aria-describedby=\"caption-attachment-329\" style=\"width: 400px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-329\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00094-1.jpg\" alt=\"Step 4- create a virtual network gateway (review + create)\" width=\"400\" height=\"373\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00094-1.jpg 888w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00094-1-300x279.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00094-1-768x715.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00094-1-65x61.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00094-1-225x210.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00094-1-350x326.jpg 350w\" sizes=\"auto, (max-width: 400px) 100vw, 400px\" \/><figcaption id=\"caption-attachment-329\" class=\"wp-caption-text\">Figure 10.13: Create a virtual network gateway (review + create)<\/figcaption><\/figure>\n<figure id=\"attachment_353\" aria-describedby=\"caption-attachment-353\" style=\"width: 1878px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-330 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00095-1.jpg\" alt=\"Step 5- create a virtual network gateway( Deployment)\" width=\"1878\" height=\"625\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00095-1.jpg 1878w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00095-1-300x100.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00095-1-1024x341.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00095-1-768x256.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00095-1-1536x511.jpg 1536w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00095-1-65x22.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00095-1-225x75.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00095-1-350x116.jpg 350w\" sizes=\"auto, (max-width: 1878px) 100vw, 1878px\" \/><figcaption id=\"caption-attachment-353\" class=\"wp-caption-text\">Figure 10.14: Create a virtual network gateway (deployment)<\/figcaption><\/figure>\n<figure id=\"attachment_353\" aria-describedby=\"caption-attachment-353\" style=\"width: 1908px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-331 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00104.jpg\" alt=\"Step 6- Deployment of virtual network gateway\" width=\"1908\" height=\"569\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00104.jpg 1908w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00104-300x89.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00104-1024x305.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00104-768x229.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00104-1536x458.jpg 1536w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00104-65x19.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00104-225x67.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00104-350x104.jpg 350w\" sizes=\"auto, (max-width: 1908px) 100vw, 1908px\" \/><figcaption id=\"caption-attachment-353\" class=\"wp-caption-text\">Figure 10.15: Deployment of virtual network gateway<\/figcaption><\/figure>\n<\/li>\n<li>Create a local network gateway as following:\n<ul>\n<li><strong>Resource Group:<\/strong> FG<\/li>\n<li><strong>Region:<\/strong> West US<\/li>\n<li><strong>Name:<\/strong> FortiGate<\/li>\n<li><strong>IP Address:<\/strong> IP_Address_of_Port1_FortiGate (On premise)<\/li>\n<li><strong>Address Space:<\/strong> IP_Address_LocalNetwork<\/li>\n<\/ul>\n<figure id=\"attachment_353\" aria-describedby=\"caption-attachment-353\" style=\"width: 1902px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-332 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00105.jpg\" alt=\"Step 1- create a local network gateway\" width=\"1902\" height=\"781\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00105.jpg 1902w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00105-300x123.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00105-1024x420.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00105-768x315.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00105-1536x631.jpg 1536w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00105-65x27.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00105-225x92.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00105-350x144.jpg 350w\" sizes=\"auto, (max-width: 1902px) 100vw, 1902px\" \/><figcaption id=\"caption-attachment-353\" class=\"wp-caption-text\">Figure 10.16: Create a local network gateway<\/figcaption><\/figure>\n<figure id=\"attachment_353\" aria-describedby=\"caption-attachment-353\" style=\"width: 1225px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-333 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00106.jpg\" alt=\"Step 2- create a local network gateway- IP Address, Region and Name\" width=\"1225\" height=\"853\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00106.jpg 1225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00106-300x209.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00106-1024x713.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00106-768x535.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00106-65x45.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00106-225x157.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00106-350x244.jpg 350w\" sizes=\"auto, (max-width: 1225px) 100vw, 1225px\" \/><figcaption id=\"caption-attachment-353\" class=\"wp-caption-text\">Figure 10.17: Create a local network gateway<\/figcaption><\/figure>\n<figure id=\"attachment_334\" aria-describedby=\"caption-attachment-334\" style=\"width: 400px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-334\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00107.jpg\" alt=\"Step 3- create a local network gateway (review + create)\" width=\"400\" height=\"329\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00107.jpg 1042w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00107-300x247.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00107-1024x842.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00107-768x632.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00107-65x53.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00107-225x185.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00107-350x288.jpg 350w\" sizes=\"auto, (max-width: 400px) 100vw, 400px\" \/><figcaption id=\"caption-attachment-334\" class=\"wp-caption-text\">Figure 10.18: Create a local network gateway (review + create)<\/figcaption><\/figure>\n<figure id=\"attachment_353\" aria-describedby=\"caption-attachment-353\" style=\"width: 1487px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-335 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00108.jpg\" alt=\"Step 4- Verify local network gateway deployment\" width=\"1487\" height=\"520\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00108.jpg 1487w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00108-300x105.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00108-1024x358.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00108-768x269.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00108-65x23.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00108-225x79.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00108-350x122.jpg 350w\" sizes=\"auto, (max-width: 1487px) 100vw, 1487px\" \/><figcaption id=\"caption-attachment-353\" class=\"wp-caption-text\">Figure 10.19: Verify local network gateway deployment<\/figcaption><\/figure>\n<\/li>\n<li>Go to Virtual network gateway and create a connection in <strong>Virtual network gateways<\/strong> &gt; <strong>connections<\/strong> &gt; <strong>Add<\/strong>:<br \/>\n<figure id=\"attachment_336\" aria-describedby=\"caption-attachment-336\" style=\"width: 1910px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-336 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00109-2.jpg\" alt=\"Add connections\" width=\"1910\" height=\"689\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00109-2.jpg 1910w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00109-2-300x108.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00109-2-1024x369.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00109-2-768x277.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00109-2-1536x554.jpg 1536w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00109-2-65x23.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00109-2-225x81.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00109-2-350x126.jpg 350w\" sizes=\"auto, (max-width: 1910px) 100vw, 1910px\" \/><figcaption id=\"caption-attachment-336\" class=\"wp-caption-text\">Figure 10.20: Add connections<\/figcaption><\/figure>\n<figure id=\"attachment_337\" aria-describedby=\"caption-attachment-337\" style=\"width: 400px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-337\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00110.jpg\" alt=\"Step 2- Connection configuration\" width=\"400\" height=\"419\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00110.jpg 736w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00110-286x300.jpg 286w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00110-65x68.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00110-225x236.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00110-350x367.jpg 350w\" sizes=\"auto, (max-width: 400px) 100vw, 400px\" \/><figcaption id=\"caption-attachment-337\" class=\"wp-caption-text\">Figure 10.21: Connection configuration<\/figcaption><\/figure>\n<p>Based on the Microsoft article <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/vpn-gateway\/vpn-gateway-about-compliance-crypto\">\u201cAbout cryptographic requirements and Azure VPN gateways\u201d<\/a>, by default, integrity is SHA384, SHA256, SHA1, MD5 and encryption is AES256, AES192, AES128, DES3, DES. So, we will select SHA1 and AES128 in FortiGate. After doing this step, you should receive a Public IP address in Overview tab.<\/p>\n<figure id=\"attachment_353\" aria-describedby=\"caption-attachment-353\" style=\"width: 1883px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-338 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00111.jpg\" alt=\"Step 3- Verify public IP address\" width=\"1883\" height=\"673\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00111.jpg 1883w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00111-300x107.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00111-1024x366.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00111-768x274.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00111-1536x549.jpg 1536w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00111-65x23.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00111-225x80.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00111-350x125.jpg 350w\" sizes=\"auto, (max-width: 1883px) 100vw, 1883px\" \/><figcaption id=\"caption-attachment-353\" class=\"wp-caption-text\">Figure 10.22: Verify public IP address<\/figcaption><\/figure>\n<\/li>\n<\/ol>\n<h2>FortiGate Configuration<\/h2>\n<ol>\n<li>First, we will configure port 2 IP address.<br \/>\n<figure id=\"attachment_353\" aria-describedby=\"caption-attachment-353\" style=\"width: 1233px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-339 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00099-1.jpg\" alt=\"Set an IP address for port2\" width=\"1233\" height=\"742\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00099-1.jpg 1233w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00099-1-300x181.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00099-1-1024x616.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00099-1-768x462.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00099-1-65x39.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00099-1-225x135.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00099-1-350x211.jpg 350w\" sizes=\"auto, (max-width: 1233px) 100vw, 1233px\" \/><figcaption id=\"caption-attachment-353\" class=\"wp-caption-text\">Figure 10.23: Set an IP address for port2<\/figcaption><\/figure>\n<figure id=\"attachment_353\" aria-describedby=\"caption-attachment-353\" style=\"width: 1100px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-340 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00100.jpg\" alt=\"Por1 and Port2 IP addresses\" width=\"1100\" height=\"686\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00100.jpg 1100w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00100-300x187.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00100-1024x639.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00100-768x479.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00100-65x41.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00100-225x140.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00100-350x218.jpg 350w\" sizes=\"auto, (max-width: 1100px) 100vw, 1100px\" \/><figcaption id=\"caption-attachment-353\" class=\"wp-caption-text\">Figure 10.24: Port1 and Port2 IP addresses<\/figcaption><\/figure>\n<\/li>\n<li>Create a static route to port1 (WAN Port) as Figure 10.25.<br \/>\n<figure id=\"attachment_353\" aria-describedby=\"caption-attachment-353\" style=\"width: 1277px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-341 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00101.jpg\" alt=\"Create a static route to port1(WAN Port)\" width=\"1277\" height=\"740\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00101.jpg 1277w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00101-300x174.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00101-1024x593.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00101-768x445.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00101-65x38.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00101-225x130.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00101-350x203.jpg 350w\" sizes=\"auto, (max-width: 1277px) 100vw, 1277px\" \/><figcaption id=\"caption-attachment-353\" class=\"wp-caption-text\">Figure 10.25: Create a static route<\/figcaption><\/figure>\n<\/li>\n<li>Create a IPsec Wizard as a custom.<br \/>\n<figure id=\"attachment_353\" aria-describedby=\"caption-attachment-353\" style=\"width: 1382px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-342 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00102.jpg\" alt=\"Create a IPSEC Wizard as a custom\" width=\"1382\" height=\"499\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00102.jpg 1382w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00102-300x108.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00102-1024x370.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00102-768x277.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00102-65x23.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00102-225x81.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00102-350x126.jpg 350w\" sizes=\"auto, (max-width: 1382px) 100vw, 1382px\" \/><figcaption id=\"caption-attachment-353\" class=\"wp-caption-text\">Figure 10.26: Create a custom VPN<\/figcaption><\/figure>\n<ul>\n<li><strong>Remote Gateway IP Address:<\/strong> <em>Public_IP_Address_Azure_Virtual_Gateway<\/em><\/li>\n<li><strong>Nat Traversal:<\/strong> Disable<\/li>\n<li><strong>Pre-shared Key:<\/strong> <em>The same as Azure key (123456789)<\/em><\/li>\n<li><strong>Local Address:<\/strong> 192.168.10.0\/24<\/li>\n<li><strong>Remote Address:<\/strong> 10.0.0.0\/16<\/li>\n<li><strong>Phase 1:<\/strong> Encryption: AES128, Authentication: SHA-1, DH: 2, lifetime: 28800<\/li>\n<li><strong>Phase 2:<\/strong> Encryption: AES128, Authentication: SHA-1, DH: 2, lifetime: 27000<\/li>\n<\/ul>\n<figure id=\"attachment_343\" aria-describedby=\"caption-attachment-343\" style=\"width: 500px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-343\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00113.jpg\" alt=\"Step 2- Create a custom VPN\" width=\"500\" height=\"369\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00113.jpg 1114w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00113-300x221.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00113-1024x756.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00113-768x567.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00113-65x48.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00113-225x166.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00113-350x258.jpg 350w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><figcaption id=\"caption-attachment-343\" class=\"wp-caption-text\">Figure 10.27: Create a custom VPN<\/figcaption><\/figure>\n<figure id=\"attachment_344\" aria-describedby=\"caption-attachment-344\" style=\"width: 500px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-344\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00114.jpg\" alt=\"Step 3- Create a custom VPN\" width=\"500\" height=\"319\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00114.jpg 1117w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00114-300x191.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00114-1024x653.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00114-768x490.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00114-65x41.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00114-225x143.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00114-350x223.jpg 350w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><figcaption id=\"caption-attachment-344\" class=\"wp-caption-text\">Figure 10.28: Create a custom VPN<\/figcaption><\/figure>\n<figure id=\"attachment_345\" aria-describedby=\"caption-attachment-345\" style=\"width: 500px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-345\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00112.jpg\" alt=\"Step 4- Create a custom VPN\" width=\"500\" height=\"373\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00112.jpg 1130w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00112-300x224.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00112-1024x763.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00112-768x572.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00112-65x48.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00112-225x168.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00112-350x261.jpg 350w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><figcaption id=\"caption-attachment-345\" class=\"wp-caption-text\">Figure 10.29: Create a custom VPN<\/figcaption><\/figure>\n<\/li>\n<li>Create a firewall policy from Port 2 to Tunnel and from Tunnel to Port2. We will create a subnet for LAN on premise and a subnet for Microsoft Azure. Like site-to-site VPN we learned previously, NAT should be disabled here.<br \/>\n<figure id=\"attachment_346\" aria-describedby=\"caption-attachment-346\" style=\"width: 400px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-346\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00116.jpg\" alt=\"Create a subnet for local network\" width=\"400\" height=\"241\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00116.jpg 871w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00116-300x181.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00116-768x463.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00116-65x39.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00116-225x136.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00116-350x211.jpg 350w\" sizes=\"auto, (max-width: 400px) 100vw, 400px\" \/><figcaption id=\"caption-attachment-346\" class=\"wp-caption-text\">Figure 10.30: Create a subnet for local network<\/figcaption><\/figure>\n<figure id=\"attachment_347\" aria-describedby=\"caption-attachment-347\" style=\"width: 400px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-347\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00117.jpg\" alt=\"Create a subnet for Azure local\" width=\"400\" height=\"196\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00117.jpg 933w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00117-300x147.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00117-768x377.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00117-65x32.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00117-225x110.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00117-350x172.jpg 350w\" sizes=\"auto, (max-width: 400px) 100vw, 400px\" \/><figcaption id=\"caption-attachment-347\" class=\"wp-caption-text\">Figure 10.31: Create a subnet for Azure local<\/figcaption><\/figure>\n<figure id=\"attachment_353\" aria-describedby=\"caption-attachment-353\" style=\"width: 1270px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-348 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00118.jpg\" alt=\"Create a policy from port2 to FG-Azure Tunnel\" width=\"1270\" height=\"936\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00118.jpg 1270w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00118-300x221.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00118-1024x755.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00118-768x566.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00118-65x48.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00118-225x166.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00118-350x258.jpg 350w\" sizes=\"auto, (max-width: 1270px) 100vw, 1270px\" \/><figcaption id=\"caption-attachment-353\" class=\"wp-caption-text\">Figure 10.32: Create a policy from port2 to FG-Azure Tunnel<\/figcaption><\/figure>\n<figure id=\"attachment_353\" aria-describedby=\"caption-attachment-353\" style=\"width: 1920px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-349 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00119.jpg\" alt=\"Create a policy from FG-Azure Tunnel to port2\" width=\"1920\" height=\"845\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00119.jpg 1920w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00119-300x132.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00119-1024x451.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00119-768x338.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00119-1536x676.jpg 1536w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00119-65x29.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00119-225x99.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00119-350x154.jpg 350w\" sizes=\"auto, (max-width: 1920px) 100vw, 1920px\" \/><figcaption id=\"caption-attachment-353\" class=\"wp-caption-text\">Figure 10.33: Create a policy from FG-Azure Tunnel to port2<\/figcaption><\/figure>\n<figure id=\"attachment_353\" aria-describedby=\"caption-attachment-353\" style=\"width: 1258px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-350 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00120.jpg\" alt=\"Create a policy from FG-Azure Tunnel to port2\" width=\"1258\" height=\"891\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00120.jpg 1258w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00120-300x212.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00120-1024x725.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00120-768x544.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00120-65x46.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00120-225x159.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00120-350x248.jpg 350w\" sizes=\"auto, (max-width: 1258px) 100vw, 1258px\" \/><figcaption id=\"caption-attachment-353\" class=\"wp-caption-text\">Figure 10.34: Create a policy from FG-Azure Tunnel to port2<\/figcaption><\/figure>\n<figure id=\"attachment_353\" aria-describedby=\"caption-attachment-353\" style=\"width: 1915px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-351 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00121.jpg\" alt=\"List of Firewall Policies\" width=\"1915\" height=\"382\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00121.jpg 1915w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00121-300x60.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00121-1024x204.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00121-768x153.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00121-1536x306.jpg 1536w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00121-65x13.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00121-225x45.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00121-350x70.jpg 350w\" sizes=\"auto, (max-width: 1915px) 100vw, 1915px\" \/><figcaption id=\"caption-attachment-353\" class=\"wp-caption-text\">Figure 10.35: Firewall Policies<\/figcaption><\/figure>\n<\/li>\n<\/ol>\n<h2>Verify Connections<\/h2>\n<p>If you navigate to IPsec Tunnel, the status should be up.<\/p>\n<figure id=\"attachment_353\" aria-describedby=\"caption-attachment-353\" style=\"width: 1904px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-352 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00122.jpg\" alt=\"Verify status in FortiGate\" width=\"1904\" height=\"545\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00122.jpg 1904w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00122-300x86.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00122-1024x293.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00122-768x220.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00122-1536x440.jpg 1536w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00122-65x19.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00122-225x64.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00122-350x100.jpg 350w\" sizes=\"auto, (max-width: 1904px) 100vw, 1904px\" \/><figcaption id=\"caption-attachment-353\" class=\"wp-caption-text\">Figure 10.36: Verify status in FortiGate<\/figcaption><\/figure>\n<figure id=\"attachment_353\" aria-describedby=\"caption-attachment-353\" style=\"width: 1876px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-353 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00123.jpg\" alt=\"Verify status in Azure\" width=\"1876\" height=\"771\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00123.jpg 1876w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00123-300x123.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00123-1024x421.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00123-768x316.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00123-1536x631.jpg 1536w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00123-65x27.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00123-225x92.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00123-350x144.jpg 350w\" sizes=\"auto, (max-width: 1876px) 100vw, 1876px\" \/><figcaption id=\"caption-attachment-353\" class=\"wp-caption-text\">Figure 10.37: Verify status in Azure<\/figcaption><\/figure>\n","protected":false},"author":1562,"menu_order":1,"template":"","meta":{"pb_show_title":"on","pb_short_title":"","pb_subtitle":"","pb_authors":[],"pb_section_license":""},"chapter-type":[],"contributor":[],"license":[],"class_list":["post-354","chapter","type-chapter","status-publish","hentry"],"part":316,"_links":{"self":[{"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/354","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters"}],"about":[{"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/wp\/v2\/types\/chapter"}],"author":[{"embeddable":true,"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/wp\/v2\/users\/1562"}],"version-history":[{"count":21,"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/354\/revisions"}],"predecessor-version":[{"id":1057,"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/354\/revisions\/1057"}],"part":[{"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/parts\/316"}],"metadata":[{"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/354\/metadata\/"}],"wp:attachment":[{"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/wp\/v2\/media?parent=354"}],"wp:term":[{"taxonomy":"chapter-type","embeddable":true,"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapter-type?post=354"},{"taxonomy":"contributor","embeddable":true,"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/wp\/v2\/contributor?post=354"},{"taxonomy":"license","embeddable":true,"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/wp\/v2\/license?post=354"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}