Fortigate to Fortigate VPN (Fixed IP <> DDNS) tips?
We have a 200B at our DC running 4.3 MR3 Patch 12 this has a fixed IP address. I have our old 100A (also running 4.3 MR3 Patch 12) sorting my home fibre connection - we cannot get a fixed IP address for this so.
Would someone be able to give me a quick starting point and/or some tips to get a VPN configured between the two?
We have some of these connections. We are using a dialup configuration on the box that has a fixed IP and a static configuration on the box with the dynamic IP. The boxes are using certificates for authentication and only trust the opposite certificate for this connection.
OK - thanks for the responses on this. I have this setup and working, but have a quick question... On our DC 200B we have the following:
Port16 - Internet
Port13 - LAN (Public IP Range)
Switch - Management Network (10.10.10.0/24)
We have several things plugged into our management network, e.g. switch management, iLo/DRAC etc, we also have a management server on the switch and this is what we use to (would you believe it) - manage our network.
I have set up my VPN so that the DDNS Fortigate (100A/home fibre/10.1.1.0) is VPN'd into the Switch on the 200B - this is connected and working. I have set up the policies (up/down) and routes (send 10.10.10.0 via the VPN) and now I can access anything on the 10.10.10.0 Management Network from home - cool!
What I need to be able to do is access the LAN Public IP Range (behind Port13) from home (10.1.1.0) via the VPN. I have a policy on the 200B: Switch(ALL/ANY) -> Port13(ALL/ANY). But when I set up a route on the 100A: "Public IP Range" via the VPN - the traffic goes nowhere.
I'm sure it's just a simple thing I'm missing... and just wondering if anyone could suggest next steps...
Yes, that's OK and needed but I meant a route on the public hosts. Imagine they receive a packet from 10.1.1.x - how would they know that the reply should NOT be sent out to the internet but back to the FGT?
And besides, that policy Bob mentioned is necessary of course.
Do you have a Phase II configuration for the subnet you're trying to get to as well as a route in the 100A for the destination subnet with the VPN interface as the device? The host should have a route back since that was already added for when you successfully got to the Management subnet - return traffic should hit the firewall & it knows the route.
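An added example (not from anyone in this thread) of the FortiOS 4.x CLI additions that let the home subnet reach the public LAN behind Port13, once the management-subnet tunnel already works. Assumptions: the dialup phase1 on the 200B is named "vpn-home", the static phase1 on the 100A is named "vpn-dc", and 198.51.100.0/24 stands in for the real public IP range; the 100A's existing internal -> tunnel policy must also allow the new destination.

```fortios
# --- 200B (fixed IP). Assumed existing: dialup phase1 "vpn-home",
# a static route for 10.1.1.0/24 via "vpn-home", and the mgmt phase2.
# A second phase2 selector pair is needed for the public range.
config vpn ipsec phase2-interface
    edit "vpn-home-lan"
        set phase1name "vpn-home"
        set src-subnet 198.51.100.0 255.255.255.0    # placeholder for the public LAN range
        set dst-subnet 10.1.1.0 255.255.255.0
    next
end
config firewall address
    edit "home-lan"
        set subnet 10.1.1.0 255.255.255.0
    next
end
# Policy from the tunnel interface to Port13, scoped to the home subnet
# rather than ALL/ANY. Replies use the session, so no reverse policy is
# needed for traffic the home side initiates; the hosts on Port13 must
# still send 10.1.1.0/24 replies to the 200B, not to another gateway.
config firewall policy
    edit 0
        set srcintf "vpn-home"
        set dstintf "port13"
        set srcaddr "home-lan"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ANY"
    next
end

# --- 100A (dynamic IP). Assumed existing: static phase1 "vpn-dc" with
# remote-gw set to the 200B's fixed IP, and the mgmt phase2 plus route.
# Matching phase2 selector for the public range, then a route whose
# device is the tunnel interface so the traffic actually enters the VPN.
config vpn ipsec phase2-interface
    edit "vpn-dc-lan"
        set phase1name "vpn-dc"
        set src-subnet 10.1.1.0 255.255.255.0
        set dst-subnet 198.51.100.0 255.255.255.0    # same placeholder range
    next
end
config router static
    edit 0
        set dst 198.51.100.0 255.255.255.0
        set device "vpn-dc"
    next
end
```

After committing both sides, `diagnose vpn tunnel list` on either box should show the new selector pair alongside the management one.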