Device : Fortigate 40F
Firmware :v7.0.12 build0523 (Mature)
I am following this article to configure site to site VPN :
I am not sure how to setup parameters for phase 1 and phase 2 tunnel and how do I configure Phase 2 tunnel since I cant find any options in firewall console.
I don't see the options highlighted in bold. Please see below screenshots for your reference.
To configure the FortiGate tunnel:
- In the FortiGate, go to VPN > IP Wizard.
- Enter a Name for the tunnel, click Custom, and then click Next.
- Configure the Network settings.
- For Remote Gateway, select Static IP Address and enter the IP address provided by Azure.
- For Interface, select wan1.
- For NAT Traversal, select Disable,
- For Dead Peer Detection, select On Idle.
- In the Authentication section, select
- Configure the Authentication settings.
- For Method, select Pre-shared Key and enter the Pre-shared Key.
- For IKE, select 2.
- Configure the Phase 1 Proposal settings.
- Set the Encryption and Authentication combination to the three supported encryption algorithm combinations accepted by Azure.
- AES256 and SHA1
- 3DES and SHA1
- AES256 and SHA256
- For Diffie-Hellman Groups, select 2.
- Set Key Lifetime (seconds) to 28800.
- Set the Encryption and Authentication combination to the three supported encryption algorithm combinations accepted by Azure.
- In Phase 2 Selectors, expand the Advanced section to configure the Phase 2 Proposal settings.
Set the Encryption and Authentication combinations:
- AES256 and SHA1
- 3DES and SHA1
- AES256 and SHA256
- Uncheck Enable Perfect Forward Secrecy (PFS).
- Set Key Lifetime (seconds) to 27000.
- Click OK.
