Configuring Perimeter 81 Site-To-Site with FortiGate Device


Configuring the FortiGate Device Using the Management Interface

The following procedure demonstrates how to configure the VPN tunnel on the FortiGate device using the management interface. Replace the example values in the procedure with the values provided in your Perimeter 81 configuration file (gateway IP address and pre-shared key).

 

Step 1: Configure IPSec Tunnel

  1. Open the FortiGate management interface.
  2. In the left pane, choose VPN > IPsec Tunnels, then choose Create New.
  3. In the VPN Creation Wizard window on the General tab, complete the following information:
    • Template Type: Choose Custom.
    • Name: Type Perimeter 81 and press Next.
    • Network section:
      • Remote Gateway: Static IP Address.
      • IP Address: the Perimeter 81 private server (gateway) IP address from the configuration file.
      • Interface: select your WAN interface.
      • Mode Config: unchecked.
      • NAT Traversal: Disable.
      • Dead Peer Detection: On Demand.
    • Authentication section:
      • Method: Pre-shared Key.
      • Pre-shared Key: enter the PSK from the configuration file.
      • IKE Version: 1
      • Mode: Main (ID protection)
    • Phase 1 Proposal section:
      • Encryption: AES256.
      • Authentication: SHA256.
      • Diffie-Hellman Group: 21.
      • Key Lifetime (seconds): 86400.
      • Local ID: leave blank.
    • XAUTH Section leave disabled.
    • Phase 2 Selectors section:
      • Name: Perimeter 81.
      • Local Address: Subnet, 0.0.0.0/0.0.0.0
      • Remote Address: Subnet, 10.255.0.0/255.255.0.0
      • Enable Perfect Forward Secrecy (PFS): checked.
      • Diffie-Hellman Group: 21.
      • Encryption: AES256.
      • Authentication: SHA256.
      • Local Port: All (checked).
      • Remote Port: All (checked).
      • Protocol: All (checked).
      • Key Lifetime: Seconds.
      • Seconds: 43200.
 

Step 2: Configure Firewall and Static Routing

  1. Add a static route so that traffic from the local network to the Perimeter 81 subnet (10.255.0.0/16) is sent through the VPN tunnel interface created in Step 1.

    A. Go to Network -> Static Routes -> Add new static route
    B. Under Destination enter: 10.255.0.0/16
    C. Under Device select Perimeter 81
    D. Click OK

  2. Add a firewall policy that allows traffic from the Perimeter 81 subnet (10.255.0.0/16) to your local network, or only to the services you want to expose.

    A. Go to Policy & Objects -> IPv4 Policy
    B. Click Create New
    C. Enter the Name: Perimeter 81 to Local Network
    D. Incoming Interface: Perimeter 81
    E. Outgoing Interface: your local network interface
    F. Source and Destination: All (to limit exposure, use an address object for 10.255.0.0/16 as the source and the specific local subnets or hosts as the destination)
    G. Service: All (or only the services you want to expose)
    H. NAT: Disable (NAT is not needed because the Perimeter 81 subnet and your local network do not overlap)
    I. Click OK
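For reference, here is the same configuration as Steps 1 and 2 expressed in the FortiOS CLI, so it can be reviewed or pasted in one piece. This is an added example, not part of the original article or a file generated by Perimeter 81. The gateway address 203.0.113.10, the PSK placeholder, the WAN interface name wan1 and the local interface name internal are assumptions; replace them with the values from your configuration file and your device. The tunnel is named Perimeter81 (no space) here, and that same name is used for the route device and the policy source interface, which is what ties the three parts together.

```fortios
# Step 1: IKEv1 main-mode phase 1 with the proposal used by the article
config vpn ipsec phase1-interface
    edit "Perimeter81"
        set interface "wan1"                # assumption: your WAN interface
        set ike-version 1
        set mode main                       # Main (ID protection)
        set peertype any
        set proposal aes256-sha256          # Encryption AES256, Authentication SHA256
        set dhgrp 21
        set keylife 86400
        set nattraversal disable
        set dpd on-demand
        set remote-gw 203.0.113.10          # assumption: Perimeter 81 private server IP
        set psksecret "REPLACE-WITH-PSK-FROM-CONFIG-FILE"
    next
end

# Step 1: phase 2 selectors with PFS (DH group 21)
config vpn ipsec phase2-interface
    edit "Perimeter81"
        set phase1name "Perimeter81"
        set proposal aes256-sha256
        set pfs enable
        set dhgrp 21
        set keylife-type seconds
        set keylifeseconds 43200
        set src-subnet 0.0.0.0 0.0.0.0      # Local Address: Subnet 0.0.0.0/0.0.0.0
        set dst-subnet 10.255.0.0 255.255.0.0
    next
end

# Step 2.1: route the Perimeter 81 subnet into the tunnel interface
config router static
    edit 0
        set dst 10.255.0.0 255.255.0.0
        set device "Perimeter81"
    next
end

# Step 2.2: allow traffic arriving from the tunnel into the local network, without NAT
config firewall policy
    edit 0
        set name "Perimeter 81 to Local Network"
        set srcintf "Perimeter81"
        set dstintf "internal"              # assumption: your local network interface
        set srcaddr "all"                   # tighten to a 10.255.0.0/16 address object in production
        set dstaddr "all"                   # tighten to the subnets or hosts you expose
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
    next
end
```

After applying the configuration, verify the tunnel and the route from the CLI with `diagnose vpn ike gateway list` (phase 1 state), `diagnose vpn tunnel list` (phase 2 selectors and SPIs) and `get router info routing-table static`. Two caveats a practitioner should keep in mind: the policy above only allows sessions initiated from the Perimeter 81 side (return traffic is handled statefully), so if hosts on your local network must initiate connections to Perimeter 81 clients you need a second policy in the reverse direction; and because the phase 2 local selector is 0.0.0.0/0, the firewall policy, not the selector, is what limits which local resources Perimeter 81 users can reach, which is why narrowing srcaddr and dstaddr matters.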
