{"id":380,"date":"2022-05-18T18:44:43","date_gmt":"2022-05-18T22:44:43","guid":{"rendered":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/chapter\/10-3-site-to-site-vpn-between-fortigate-on-prem-and-fortigate-in-the-azure\/"},"modified":"2023-08-24T14:14:22","modified_gmt":"2023-08-24T18:14:22","slug":"s2s-vpn-fortigate-on-prem-azure","status":"publish","type":"chapter","link":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/chapter\/s2s-vpn-fortigate-on-prem-azure\/","title":{"raw":"10.3 Site to Site VPN between FortiGate on Premise and FortiGate in the Azure","rendered":"10.3 Site to Site VPN between FortiGate on Premise and FortiGate in the Azure"},"content":{"raw":"<div class=\"textbox textbox--learning-objectives\"><header class=\"textbox__header\">\r\n<p class=\"textbox__title\">Learning Objectives<\/p>\r\n\r\n<\/header>\r\n<div class=\"textbox__content\">\r\n<ul>\r\n \t<li>Configure a VPN Wizard in Azure<\/li>\r\n \t<li>Configure site-to-site VPN between FortiGate on premise and Azure<\/li>\r\n \t<li>Identify FortiGate subnets in Azure<\/li>\r\n<\/ul>\r\n<\/div>\r\n<\/div>\r\n\r\n[caption id=\"attachment_379\" align=\"aligncenter\" width=\"1265\"]<img class=\"wp-image-369 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/05\/pastedImage.png\" alt=\"Site to Site VPN between FortiGate on premise and FortiGate in the Azure\" width=\"1265\" height=\"673\" \/> Figure 10.49: Main scenario[\/caption]\r\n\r\n<div class=\"textbox shaded\"><strong>Scenario<\/strong>: In this lab, we are going to create a site-to-site VPN from FortiGate on premise to FortiGate in the Azure. Knowing the configuration from <a class=\"internal\" href=\"\/fortigatefirewall\/chapter\/deploy-fortigate-in-azure\/\">section 10.2<\/a> is necessary for this lab. 
Port1 is set as a DHCP client, so it will receive an IP address from the cloud.<\/div>\r\n<table class=\"aligncenter\" style=\"border-collapse: collapse; width: 100%; height: 63px;\" border=\"0\"><caption>Table 10.3: Devices configuration<\/caption>\r\n<tbody>\r\n<tr style=\"height: 18px;\">\r\n<th style=\"width: 25%; height: 18px;\" scope=\"col\">Device<\/th>\r\n<th style=\"width: 25%; height: 18px;\" scope=\"col\">Interface<\/th>\r\n<th style=\"width: 25%; height: 18px;\" scope=\"col\">IP address<\/th>\r\n<\/tr>\r\n<tr style=\"height: 18px;\">\r\n<td style=\"width: 25%; height: 27px;\" rowspan=\"2\">FortiGate<\/td>\r\n<td style=\"width: 25%; height: 17px;\">Port 1<\/td>\r\n<td style=\"width: 25%; height: 17px;\">DHCP Client<\/td>\r\n<\/tr>\r\n<tr style=\"height: 10px;\">\r\n<td style=\"width: 25%; height: 10px;\">Port 2<\/td>\r\n<td style=\"width: 25%; height: 10px;\">192.168.10.1\/24<\/td>\r\n<\/tr>\r\n<tr style=\"height: 18px;\">\r\n<td style=\"width: 25%; height: 18px;\">WebTerm<\/td>\r\n<td style=\"width: 25%; height: 18px;\">Eth0<\/td>\r\n<td style=\"width: 25%; height: 18px;\">192.168.10.2\/24<\/td>\r\n<\/tr>\r\n<\/tbody>\r\n<\/table>\r\n<ol>\r\n \t<li>On Premise FortiGate Configuration. Follow these steps:\r\n<ol>\r\n \t<li>Configure the interfaces of the firewall. 
By default, Port2 is an internal interface named \"LAN\" and Port1 is an external interface named \"WAN\".\r\n\r\n[caption id=\"attachment_379\" align=\"aligncenter\" width=\"1126\"]<img class=\"wp-image-370 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00071.png\" alt=\"On Premise firewall Interfaces \" width=\"1126\" height=\"232\" \/> Figure 10.50: Firewall interfaces[\/caption]<\/li>\r\n \t<li>Create a site-to-site VPN with the IPsec Wizard, as shown in Figures 10.51 to 10.53.\r\n\r\n[caption id=\"attachment_379\" align=\"aligncenter\" width=\"1103\"]<img class=\"wp-image-371 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00075.png\" alt=\"Step1- Select VPN Name\" width=\"1103\" height=\"344\" \/> Figure 10.51: Select VPN name[\/caption]\r\n\r\n[caption id=\"attachment_379\" align=\"aligncenter\" width=\"1085\"]<img class=\"wp-image-372 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00076.png\" alt=\"Step2- Set remote IP Address\" width=\"1085\" height=\"294\" \/> Figure 10.52: Set remote IP address[\/caption]\r\n\r\n[caption id=\"attachment_379\" align=\"aligncenter\" width=\"1126\"]<img class=\"wp-image-373 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00077.png\" alt=\"Step3- Set Policy &amp; Routing\" width=\"1126\" height=\"312\" \/> Figure 10.53: Set Policy &amp; Routing[\/caption]<\/li>\r\n \t<li>Create a static route to the default gateway.\r\n\r\n[caption id=\"attachment_374\" align=\"aligncenter\" width=\"500\"]<img class=\"wp-image-374\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00078.png\" alt=\"Set a default gateway\" width=\"500\" height=\"287\" \/> Figure 10.54: Set a default 
gateway[\/caption]<\/li>\r\n<\/ol>\r\n<\/li>\r\n \t<li>Azure Configuration. Follow these steps:\r\n<ol>\r\n \t<li>Create a FortiGate firewall in Azure and configure the interfaces. You need to complete all the steps in <a class=\"internal\" href=\"\/fortigatefirewall\/chapter\/ipsec-vpn-fortigate-azure\/\">section 10.1<\/a>.<\/li>\r\n \t<li>Create a VPN with the IPsec Wizard, as shown in Figures 10.55 to 10.57.\r\n\r\n[caption id=\"attachment_379\" align=\"aligncenter\" width=\"1060\"]<img class=\"wp-image-375 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00072.png\" alt=\"Step1- Select VPN Name in Azure \" width=\"1060\" height=\"448\" \/> Figure 10.55: Select VPN name[\/caption]\r\n\r\n[caption id=\"attachment_379\" align=\"aligncenter\" width=\"1063\"]<img class=\"wp-image-376 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00073.png\" alt=\"Step2-Set a remote IP address\" width=\"1063\" height=\"376\" \/> Figure 10.56: Set a remote IP address[\/caption]\r\n\r\n[caption id=\"attachment_379\" align=\"aligncenter\" width=\"1094\"]<img class=\"wp-image-377 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00074.png\" alt=\"Step3-Set Policy &amp; Routing\" width=\"1094\" height=\"382\" \/> Figure 10.57: Set Policy &amp; Routing[\/caption]<\/li>\r\n \t<li>Add a Linux or Windows virtual machine to the <strong>Protected subnet<\/strong>. You don't need to enable a public IP address. 
Your private IP address should be in the range of 10.0.2.0\/24.<\/li>\r\n \t<li>Go to <strong>VPN<\/strong> &gt; <strong>IPsec Tunnels<\/strong> and check the status of the tunnel.\r\n\r\n[caption id=\"attachment_379\" align=\"aligncenter\" width=\"1402\"]<img class=\"wp-image-378 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00079.png\" alt=\"Check status of tunnel\" width=\"1402\" height=\"238\" \/> Figure 10.58: Check status of tunnel[\/caption]<\/li>\r\n \t<li>You should be able to ping from WebTerm to the Virtual Machine.\r\n\r\n[caption id=\"attachment_379\" align=\"aligncenter\" width=\"531\"]<img class=\"wp-image-379 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/Untitled11.png\" alt=\"Ping from webterm to Windows VM\" width=\"531\" height=\"166\" \/> Figure 10.59: Ping from WebTerm to Windows VM[\/caption]<\/li>\r\n<\/ol>\r\n<\/li>\r\n<\/ol>","rendered":"<div class=\"textbox textbox--learning-objectives\">\n<header class=\"textbox__header\">\n<p class=\"textbox__title\">Learning Objectives<\/p>\n<\/header>\n<div class=\"textbox__content\">\n<ul>\n<li>Configure a VPN Wizard in Azure<\/li>\n<li>Configure site-to-site VPN between FortiGate on premise and Azure<\/li>\n<li>Identify FortiGate subnets in Azure<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<figure id=\"attachment_379\" aria-describedby=\"caption-attachment-379\" style=\"width: 1265px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-369 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/05\/pastedImage.png\" alt=\"Site to Site VPN between FortiGate on premise and FortiGate in the Azure\" width=\"1265\" height=\"673\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/05\/pastedImage.png 1265w, 
https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/05\/pastedImage-300x160.png 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/05\/pastedImage-1024x545.png 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/05\/pastedImage-768x409.png 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/05\/pastedImage-65x35.png 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/05\/pastedImage-225x120.png 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/05\/pastedImage-350x186.png 350w\" sizes=\"auto, (max-width: 1265px) 100vw, 1265px\" \/><figcaption id=\"caption-attachment-379\" class=\"wp-caption-text\">Figure 10.49: Main scenario<\/figcaption><\/figure>\n<div class=\"textbox shaded\"><strong>Scenario<\/strong>: In this lab, we are going to create a site-to-site VPN from FortiGate on premise to FortiGate in the Azure. Knowing the configuration from <a class=\"internal\" href=\"\/fortigatefirewall\/chapter\/deploy-fortigate-in-azure\/\">section 10.2<\/a> is necessary for this lab. 
Port1 is set as a DHCP client, so it will receive an IP address from the cloud.<\/div>\n<table class=\"aligncenter\" style=\"border-collapse: collapse; width: 100%; height: 63px;\">\n<caption>Table 10.3: Devices configuration<\/caption>\n<tbody>\n<tr style=\"height: 18px;\">\n<th style=\"width: 25%; height: 18px;\" scope=\"col\">Device<\/th>\n<th style=\"width: 25%; height: 18px;\" scope=\"col\">Interface<\/th>\n<th style=\"width: 25%; height: 18px;\" scope=\"col\">IP address<\/th>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 25%; height: 27px;\" rowspan=\"2\">FortiGate<\/td>\n<td style=\"width: 25%; height: 17px;\">Port 1<\/td>\n<td style=\"width: 25%; height: 17px;\">DHCP Client<\/td>\n<\/tr>\n<tr style=\"height: 10px;\">\n<td style=\"width: 25%; height: 10px;\">Port 2<\/td>\n<td style=\"width: 25%; height: 10px;\">192.168.10.1\/24<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 25%; height: 18px;\">WebTerm<\/td>\n<td style=\"width: 25%; height: 18px;\">Eth0<\/td>\n<td style=\"width: 25%; height: 18px;\">192.168.10.2\/24<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<ol>\n<li>On Premise FortiGate Configuration. Follow these steps:\n<ol>\n<li>Configure the interfaces of the firewall. 
By default, Port2 is an internal interface named &#8220;LAN&#8221; and Port1 is an external interface named &#8220;WAN&#8221;.<br \/>\n<figure id=\"attachment_379\" aria-describedby=\"caption-attachment-379\" style=\"width: 1126px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-370 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00071.png\" alt=\"On Premise firewall Interfaces\" width=\"1126\" height=\"232\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00071.png 1126w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00071-300x62.png 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00071-1024x211.png 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00071-768x158.png 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00071-65x13.png 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00071-225x46.png 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00071-350x72.png 350w\" sizes=\"auto, (max-width: 1126px) 100vw, 1126px\" \/><figcaption id=\"caption-attachment-379\" class=\"wp-caption-text\">Figure 10.50: Firewall interfaces<\/figcaption><\/figure>\n<\/li>\n<li>Create a site-to-site VPN with the IPsec Wizard, as shown in Figures 10.51 to 10.53.<br \/>\n<figure id=\"attachment_379\" aria-describedby=\"caption-attachment-379\" style=\"width: 1103px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-371 size-full\" 
src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00075.png\" alt=\"Step1- Select VPN Name\" width=\"1103\" height=\"344\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00075.png 1103w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00075-300x94.png 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00075-1024x319.png 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00075-768x240.png 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00075-65x20.png 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00075-225x70.png 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00075-350x109.png 350w\" sizes=\"auto, (max-width: 1103px) 100vw, 1103px\" \/><figcaption id=\"caption-attachment-379\" class=\"wp-caption-text\">Figure 10.51: Select VPN name<\/figcaption><\/figure>\n<figure id=\"attachment_379\" aria-describedby=\"caption-attachment-379\" style=\"width: 1085px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-372 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00076.png\" alt=\"Step2- Set remote IP Address\" width=\"1085\" height=\"294\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00076.png 1085w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00076-300x81.png 300w, 
https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00076-1024x277.png 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00076-768x208.png 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00076-65x18.png 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00076-225x61.png 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00076-350x95.png 350w\" sizes=\"auto, (max-width: 1085px) 100vw, 1085px\" \/><figcaption id=\"caption-attachment-379\" class=\"wp-caption-text\">Figure 10.52: Set remote IP address<\/figcaption><\/figure>\n<figure id=\"attachment_379\" aria-describedby=\"caption-attachment-379\" style=\"width: 1126px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-373 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00077.png\" alt=\"tep3- Set Policy &amp; Routing\" width=\"1126\" height=\"312\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00077.png 1126w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00077-300x83.png 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00077-1024x284.png 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00077-768x213.png 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00077-65x18.png 65w, 
https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00077-225x62.png 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00077-350x97.png 350w\" sizes=\"auto, (max-width: 1126px) 100vw, 1126px\" \/><figcaption id=\"caption-attachment-379\" class=\"wp-caption-text\">Figure 10.53: Set Policy &amp; Routing<\/figcaption><\/figure>\n<\/li>\n<li>Create a static route to the default gateway.<br \/>\n<figure id=\"attachment_374\" aria-describedby=\"caption-attachment-374\" style=\"width: 500px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-374\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00078.png\" alt=\"Set a default gateway\" width=\"500\" height=\"287\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00078.png 851w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00078-300x172.png 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00078-768x441.png 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00078-65x37.png 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00078-225x129.png 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00078-350x201.png 350w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><figcaption id=\"caption-attachment-374\" class=\"wp-caption-text\">Figure 10.54: Set a default gateway<\/figcaption><\/figure>\n<\/li>\n<\/ol>\n<\/li>\n<li>Azure Configuration. Follow these steps:\n<ol>\n<li>Create a FortiGate firewall in Azure and configure the interfaces. 
You need to complete all the steps in <a class=\"internal\" href=\"\/fortigatefirewall\/chapter\/ipsec-vpn-fortigate-azure\/\">section 10.1<\/a>.<\/li>\n<li>Create a VPN with the IPsec Wizard, as shown in Figures 10.55 to 10.57.<br \/>\n<figure id=\"attachment_379\" aria-describedby=\"caption-attachment-379\" style=\"width: 1060px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-375 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00072.png\" alt=\"Step1- Select VPN Name in Azure\" width=\"1060\" height=\"448\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00072.png 1060w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00072-300x127.png 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00072-1024x433.png 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00072-768x325.png 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00072-65x27.png 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00072-225x95.png 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00072-350x148.png 350w\" sizes=\"auto, (max-width: 1060px) 100vw, 1060px\" \/><figcaption id=\"caption-attachment-379\" class=\"wp-caption-text\">Figure 10.55: Select VPN name<\/figcaption><\/figure>\n<figure id=\"attachment_379\" aria-describedby=\"caption-attachment-379\" style=\"width: 1063px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-376 size-full\" 
src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00073.png\" alt=\"Step2-Set a remote IP address\" width=\"1063\" height=\"376\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00073.png 1063w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00073-300x106.png 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00073-1024x362.png 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00073-768x272.png 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00073-65x23.png 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00073-225x80.png 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00073-350x124.png 350w\" sizes=\"auto, (max-width: 1063px) 100vw, 1063px\" \/><figcaption id=\"caption-attachment-379\" class=\"wp-caption-text\">Figure 10.56: Set a remote IP address<\/figcaption><\/figure>\n<figure id=\"attachment_379\" aria-describedby=\"caption-attachment-379\" style=\"width: 1094px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-377 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00074.png\" alt=\"Step3-Set Policy &amp; Routing\" width=\"1094\" height=\"382\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00074.png 1094w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00074-300x105.png 300w, 
https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00074-1024x358.png 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00074-768x268.png 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00074-65x23.png 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00074-225x79.png 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00074-350x122.png 350w\" sizes=\"auto, (max-width: 1094px) 100vw, 1094px\" \/><figcaption id=\"caption-attachment-379\" class=\"wp-caption-text\">Figure 10.57: Set Policy &amp; Routing<\/figcaption><\/figure>\n<\/li>\n<li>Add a Linux or Windows virtual machine to the <strong>Protected subnet<\/strong>. You don&#8217;t need to enable a public IP address. Your private IP address should be in the range of 10.0.2.0\/24.<\/li>\n<li>Go to <strong>VPN<\/strong> &gt; <strong>IPsec Tunnels<\/strong> and check the status of the tunnel.<br \/>\n<figure id=\"attachment_379\" aria-describedby=\"caption-attachment-379\" style=\"width: 1402px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-378 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00079.png\" alt=\"Check status of tunnel\" width=\"1402\" height=\"238\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00079.png 1402w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00079-300x51.png 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00079-1024x174.png 1024w, 
https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00079-768x130.png 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00079-65x11.png 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00079-225x38.png 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/ScreenShot00079-350x59.png 350w\" sizes=\"auto, (max-width: 1402px) 100vw, 1402px\" \/><figcaption id=\"caption-attachment-379\" class=\"wp-caption-text\">Figure 10.58: Check status of tunnel<\/figcaption><\/figure>\n<\/li>\n<li>You should be able to ping from WebTerm to the Virtual Machine.<br \/>\n<figure id=\"attachment_379\" aria-describedby=\"caption-attachment-379\" style=\"width: 531px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-379 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/Untitled11.png\" alt=\"Ping from webterm to Windows VM\" width=\"531\" height=\"166\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Untitled11.png 531w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Untitled11-300x94.png 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Untitled11-65x20.png 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Untitled11-225x70.png 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Untitled11-350x109.png 350w\" sizes=\"auto, (max-width: 531px) 100vw, 531px\" \/><figcaption id=\"caption-attachment-379\" class=\"wp-caption-text\">Figure 10.59: Ping from WebTerm to Windows 
VM<\/figcaption><\/figure>\n<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n","protected":false},"author":1562,"menu_order":3,"template":"","meta":{"pb_show_title":"on","pb_short_title":"","pb_subtitle":"","pb_authors":[],"pb_section_license":""},"chapter-type":[],"contributor":[],"license":[],"class_list":["post-380","chapter","type-chapter","status-publish","hentry"],"part":316,"_links":{"self":[{"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/380","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters"}],"about":[{"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/wp\/v2\/types\/chapter"}],"author":[{"embeddable":true,"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/wp\/v2\/users\/1562"}],"version-history":[{"count":15,"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/380\/revisions"}],"predecessor-version":[{"id":1063,"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/380\/revisions\/1063"}],"part":[{"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/parts\/316"}],"metadata":[{"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/380\/metadata\/"}],"wp:attachment":[{"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/wp\/v2\/media?parent=380"}],"wp:term":[{"taxonomy":"chapter-type","embeddable":true,"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapter-type?post=380"},{"taxonomy":"contributor","embeddable":true,"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/wp\/v2\/contributor?post=380"},{"taxonomy":"license","embeddable":true,"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/wp\/v2\/license?post=380"}],"curies":[{"name":"wp","href":"https:
\/\/api.w.org\/{rel}","templated":true}]}}