Site to Site VPN Fortigate 40F to Azure

Need2Know · ‎08-07-2023

Device : Fortigate 40F

Firmware :v7.0.12 build0523 (Mature)

I am following this article to configure site to site VPN :

https://newhelptech.wordpress.com/2022/01/01/step-by-step-how-to-configure-site-to-site-vpn-microsof...

I am not sure how to setup parameters for phase 1 and phase 2 tunnel and how do I configure Phase 2 tunnel since I cant find any options in firewall console.

Need2Know · ‎08-07-2023

Tunnel has been established After setting up phase 1 and phase 2 encryption but no communication between subnets. Highly appreciate your support to help me investigate the issue.

pgautam · ‎08-07-2023

Hi @Need2Know

I am glad to know that the tunnel is configured successfully.

Please check if you have the route configured correctly.
Make sure if you are using SDWAN or policy route to send the all the traffic via the ISP interface.

For checking the traffic please check collect the below debug logs and confirm that traffic is leaving from the firewall.

Putty1 :

diag debug reset
diagnose debug console timestamp enable
diag debug flow show function-name enable
diag debug flow filter addr x.x.x.x <<< replace x.x.x.x with source machine IP address
diag debug flow trace start 10000
diag debug enable

Putty2 :

diag sniffer packet any ' host x.x.x.x' 6 0 a

Regards
Priyanka

- Have you found a solution? Then give your helper a "Kudos" and mark the solution

Need2Know · ‎08-09-2023

Hi @pgautam,

Please download the txt files in ZIP from the link below.

https://we.tl/t-5xtJZJEP0G

There was no option to upload the txt files here

Need2Know · ‎08-08-2023

Hi @pgautam

Please advise how do I upload txt files here as attachment as there is only option to upload photos.

Please help.

Need2Know · ‎08-08-2023

https://we.tl/t-5xtJZJEP0G

Please download the file from we transfer.

pgautam · ‎08-09-2023

Hi @Need2Know

Thank you for sharing the logs. We are not observing any traffic towards the 10.0.1.4 from the debug file.

Please check the routes on the FortiGate using below command:-

get router info routing-table details 10.0.1.4

This should point toward the IPSEC tunnel you created.

If after confirming the proper route and policy also traffic does not work then you can open the TAC case for further investigation.

Regards
Priyanka

- Have you found a solution? Then give your helper a "Kudos" and mark the solution

Need2Know · ‎08-09-2023

Thank you so reply @pgautam . Please see the output below.

Firewall #
Firewall # get router info routing-table details 10.0.1.4

Routing table for VRF=0
Routing entry for 0.0.0.0/0
Known via "static", distance 5, metric 0, best
* 94.203.142.1, via ppp2

Need2Know · ‎08-09-2023

not sure why firewall is keeping

* 94.203.142.1, via ppp2

pgautam · ‎08-09-2023

Hi @Need2Know

Please check the AD value of the route gets configured for the IPSEC tunnel interface subnet.

Apart from this please the IPSEC tunnel route from the database

get router info routing-table database

If a route using the tunnel shows inactive in that case make sure the tunnel status is up

get vpn ipsec tunnel summary

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-IPsec-VPNs-tunnels/ta-p/195955

Regards
Priyanka

- Have you found a solution? Then give your helper a "Kudos" and mark the solution

Need2Know · ‎08-09-2023

Azure Virtual Network gateway IP address is 20.203.52.164

Firewall WAN IP address is 94.206.201.171

Site to Site VPN Fortigate 40F to Azure

Nominate a Forum Post for Knowledge Article Creation