Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
galal2010
New Contributor

Site to Site VPN Configuration Special

Dears

I want to configure site to site VPN between FGT60 Site 1 (Port 1) ---->  FGT30 Site 2  (Port1)

 

Site 1 : all wan interfaces configured with SD-WAN Zone and each on connected to different ADSL router

and port 1 has DDNS

 

Site 2 is straight firewall has static IP address

what are configuration of peers ?

should i delete port1 from SD-WAN zone ? or it will work normallyVPN TEST.jpg

1 REPLY 1
Faiza_Emam_Delhi
Contributor

Hello Galal2010,

 

To configure a site-to-site VPN between FGT60 Site 1 and FGT30 Site 2, you need to follow these steps:

 

1. Create a VPN tunnel on both firewalls, with the following settings:

- Tunnel interface name

- Local gateway IP address

- Peer gateway IP address

- Authentication method

- Pre-shared key

 

2. Configure the necessary firewall policies to allow traffic to pass through the VPN tunnel.

 

3. If you have multiple WAN interfaces on FGT60 Site 1, you can choose to use the one with DDNS or a static IP address for the VPN tunnel. You don't need to remove it from the SD-WAN zone, as long as the firewall policy for the VPN tunnel allows traffic to pass through the correct interface.

 

Here's an example of the configuration for FGT60 Site 1:

- Create a new VPN tunnel interface with a name such as "VPN to Site 2"

- Set the local gateway IP address to the public IP address of the WAN interface you want to use for the VPN tunnel

- Set the peer gateway IP address to the static IP address of FGT30 Site 2

- Choose an authentication method and set a pre-shared key

- Create a new firewall policy that allows traffic from the local network to the remote network, and vice versa. Set the source and destination interfaces to the VPN tunnel interface.

 

Here's an example of the configuration for FGT30 Site 2:

- Create a new VPN tunnel interface with a name such as "VPN to Site 1"

- Set the local gateway IP address to the static IP address of the WAN interface

- Set the peer gateway IP address to the public IP address of FGT60 Site 1

- Choose the same authentication method and pre-shared key as on FGT60 Site 1

- Create a new firewall policy that allows traffic from the local network to the remote network, and vice versa. Set the source and destination interfaces to the VPN tunnel interface.

 

I hope this helps! Let me know if you have any further questions.

Thanks & Regards,
Faizal Emam
Thanks & Regards,Faizal Emam
Top Kudoed Authors