Description
This article demonstrates the deployment of OCVPN (Overlay Controller Virtual Private Network).
OCVPN is meant to be very fast and easy to configure because it automatically creates:
- Local and remote address groups
- Routes
- Policies
- Phase 1 configuration (+ tunnel interface)
- Phase 2 configuration
In this setup, we have the following:
- FortiGate VM01 with client subnet 192.168.1.0/24 on port2
- FortiGate VM02 with client subnet 192.168.2.0/24 on port2
The aim is to be able to communicate between these two subnets by using an IPsec VPN. Both FortiGates need to be registered on the support.fortinet.com portal (FortiCare).
Solution
In the GUI of the first FortiGate, VM01, go to VPN -> Overlay Controller VPN.
1) Select 'Enabled' and the role 'Spoke'.
2) After that, click on 'Create New' under Overlays. Then enter the local subnet of VM01, which in our case is 192.168.1.0/24:
For the VM02, follow the same step 1, then on step 2 configure the overlay as follows:
As illustrated in the screenshot above, it is not necessary to enter a subnet if port2 is already configured with the correct subnet.
In this case, port2 is configured with 192.168.2.254/24 IP address, so the FortiGate has a connected route to this subnet.
Configuring the local subnet as 192.168.2.0/24 via the menu will also work.
After setting this, click 'Apply'.
The overall configuration should look like this:
The VPN should come up on the IPsec Monitor page:
If the VPN doesn't come up, double-check that the Overlay Names are identical on both FortiGates, as they are case-sensitive.
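The same two-spoke setup expressed in the FortiOS CLI, as an added example that is not part of the original article. It assumes an overlay named "overlay1" (any name works, but it must match exactly on both units) and option names as found in the `config vpn ocvpn` tree of recent FortiOS releases; exact option names may differ by version, so check them against the CLI reference of the firmware in use.

```fortios
# VM01 (spoke): advertise 192.168.1.0/24 explicitly as a subnet
config vpn ocvpn
    set status enable
    set role spoke
    config overlays
        edit "overlay1"
            config subnets
                edit 1
                    set type subnet
                    set subnet 192.168.1.0 255.255.255.0
                next
            end
        next
    end
end

# VM02 (spoke): advertise the subnet connected to port2 (192.168.2.254/24)
# instead of typing it, mirroring the empty-subnet GUI configuration
config vpn ocvpn
    set status enable
    set role spoke
    config overlays
        edit "overlay1"
            config subnets
                edit 1
                    set type interface
                    set interface "port2"
                next
            end
        next
    end
end

# Verify on either unit once the controller has pushed the configuration
diagnose vpn ike gateway list
get vpn ipsec tunnel summary
```

The `#` lines are explanatory comments for the reader, not CLI commands. If the tunnel stays down, compare the overlay name character by character on both units before troubleshooting IKE.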