trackerakp.blogg.se

Fortigate debug ipsec











In this post I will cover how to set up a basic site to site VPN using Fortigate firewalls. Here is the topology we are working with in EVE-NG:

[Figure: Site to Site VPN Lab Topology]

So the expected outcome is that Site 1 hosts can ping Site 2 hosts. Also the EVE-NG image for this firewall is very small and the entire process with FortiGate is extremely lightweight and intuitive. Very impressed with these firewalls overall.

Fortinet have made this very, very simple via a wizard, but there was one gotcha that I lost time on that I would like to share. Very very easy and won’t go into too much detail. Next, next finish style, but make sure your local and remote subnets are correct for each side of the VPN. This will do several things and points worth mentioning below: It will create firewall policy for traffic to source from either direction. The wizard will also add a static route as follows:

[Figure: Static route to VPN tunnel]

This is essentially routing traffic to the specified destinations to 192.168.68.128, which is Site 2 next hop address / VPN interface.

Very easy so far eh? Be sure to check your tunnel is up and Phase 1 and Phase 2 are happy:

[Figure: Tunnel and Phase 1 / Phase 2 state]

Now for the gotcha… in my example I could never get Phase 2 to work. The Fortigate documentation is very good and gave me some good pointers on the CLI to troubleshoot VPNs. Eventually I managed to sort this and I missed something fairly basic! (Mismatch with remote/local subnets… that old chestnut!!) (Google it and you will see)

For example this command:

Site2FW # diagnose vpn tunnel list
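The local/remote subnet mismatch described in this post can be caught before the tunnel is brought up by comparing the Phase 2 selectors of both firewalls. The script below is an added example, not code from the original post: the two config snippets, tunnel names and 10.x subnets are constructed, and it assumes selectors are set explicitly with `set src-subnet` / `set dst-subnet` and must mirror each other exactly.

```python
import ipaddress
import re

# Constructed sample configs (assumptions, not taken from the post).
SITE1_CFG = """
config vpn ipsec phase2-interface
    edit "to-site2"
        set phase1name "to-site2"
        set src-subnet 10.1.1.0 255.255.255.0
        set dst-subnet 10.2.2.0 255.255.255.0
    next
end
"""
# Site 2 has the wrong mask on its remote subnet: the mismatch case.
SITE2_CFG = """
config vpn ipsec phase2-interface
    edit "to-site1"
        set phase1name "to-site1"
        set src-subnet 10.2.2.0 255.255.255.0
        set dst-subnet 10.1.1.0 255.255.0.0
    next
end
"""

def selectors(cfg):
    """Return the set of (local, remote) networks from phase2-interface entries."""
    pairs, cur, in_section = set(), {}, False
    for raw in cfg.splitlines():
        line = raw.strip()
        if line.startswith("config vpn ipsec phase2-interface"):
            in_section = True
        elif in_section and line == "end":
            in_section = False
        elif in_section and line == "next":
            if "src" in cur and "dst" in cur:
                pairs.add((cur["src"], cur["dst"]))
            cur = {}
        elif in_section:
            m = re.match(r"set (src|dst)-subnet (\S+) (\S+)$", line)
            if m:  # "address netmask" -> network object, host bits masked off
                net = f"{m.group(2)}/{m.group(3)}"
                cur[m.group(1)] = ipaddress.ip_network(net, strict=False)
    return pairs

def mismatches(local_cfg, peer_cfg):
    """Local selectors that have no mirrored (remote, local) selector on the peer."""
    peer = selectors(peer_cfg)
    return sorted((str(l), str(r)) for l, r in selectors(local_cfg) if (r, l) not in peer)

if __name__ == "__main__":
    for local, remote in mismatches(SITE1_CFG, SITE2_CFG):
        print(f"Site 1 selector {local} -> {remote} has no mirror on Site 2")
```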












