Dears,
I want to configure a site-to-site VPN between FGT60 Site 1 (Port 1) ----> FGT30 Site 2 (Port1).
Site 1: all WAN interfaces are configured in an SD-WAN zone and each one is connected to a different ADSL router,
and port 1 has DDNS.
Site 2 is a straight firewall that has a static IP address.
What is the configuration of the peers?
Should I delete port1 from the SD-WAN zone, or will it work normally?
Hello Galal2010,
To configure a site-to-site VPN between FGT60 Site 1 and FGT30 Site 2, you need to follow these steps:
1. Create a VPN tunnel on both firewalls, with the following settings:
- Tunnel interface name
- Local gateway IP address
- Peer gateway IP address
- Authentication method
- Pre-shared key
2. Configure the necessary firewall policies to allow traffic to pass through the VPN tunnel.
3. If you have multiple WAN interfaces on FGT60 Site 1, you can choose to use the one with DDNS or a static IP address for the VPN tunnel. You don't need to remove it from the SD-WAN zone, as long as the firewall policy for the VPN tunnel allows traffic to pass through the correct interface.
Here's an example of the configuration for FGT60 Site 1:
- Create a new VPN tunnel interface with a name such as "VPN to Site 2"
- Set the local gateway IP address to the public IP address of the WAN interface you want to use for the VPN tunnel
- Set the peer gateway IP address to the static IP address of FGT30 Site 2
- Choose an authentication method and set a pre-shared key
- Create a new firewall policy that allows traffic from the local network to the remote network, and vice versa. Set the source and destination interfaces to the VPN tunnel interface.
Here's an example of the configuration for FGT30 Site 2:
- Create a new VPN tunnel interface with a name such as "VPN to Site 1"
- Set the local gateway IP address to the static IP address of the WAN interface
- Set the peer gateway IP address to the public IP address of FGT60 Site 1
- Choose the same authentication method and pre-shared key as on FGT60 Site 1
- Create a new firewall policy that allows traffic from the local network to the remote network, and vice versa. Set the source and destination interfaces to the VPN tunnel interface.
I hope this helps! Let me know if you have any further questions.
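The steps in the reply above, written out as a FortiOS CLI sketch. This is an added example, not part of the reply and not Fortinet's own configuration. Assumptions: the tunnel names, the LAN interface name "internal", the subnets 10.1.0.0/24 (Site 1) and 10.2.0.0/24 (Site 2), the peer address 203.0.113.10, the hostname site1.example.net, and the placeholder `<pre-shared-key>` are all constructed; the policy pairs the LAN interface with the tunnel interface.

```fortios
# Site 1 (FGT60): port1 stays an SD-WAN member; the peer is Site 2's static IP
config vpn ipsec phase1-interface
    edit "to-site2"
        set interface "port1"
        set ike-version 2
        set proposal aes256-sha256
        set remote-gw 203.0.113.10
        set psksecret <pre-shared-key>
    next
end
config vpn ipsec phase2-interface
    edit "to-site2-p2"
        set phase1name "to-site2"
        set proposal aes256-sha256
        set src-subnet 10.1.0.0 255.255.255.0
        set dst-subnet 10.2.0.0 255.255.255.0
    next
end
config router static
    edit 0
        set dst 10.2.0.0 255.255.255.0
        set device "to-site2"
    next
end
# Add the mirrored policy (to-site2 -> internal); narrow "all" to address objects
config firewall policy
    edit 0
        set name "lan-to-site2"
        set srcintf "internal"
        set dstintf "to-site2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
# Site 2 (FGT30): phase 2, route and policies mirror Site 1; phase 1 follows the DDNS name
config vpn ipsec phase1-interface
    edit "to-site1"
        set interface "port1"
        set type ddns
        set remotegw-ddns "site1.example.net"
        set ike-version 2
        set proposal aes256-sha256
        set psksecret <pre-shared-key>
    next
end
```

Because Site 1's address changes, the Site 2 side uses `set type ddns` with the hostname instead of a fixed `remote-gw`; the pre-shared key and proposals must match on both units.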