Configuring Perimeter 81 Site-To-Site with FortiGate Devices

The following procedure demonstrates how to configure the VPN tunnels on the FortiGate devices using the management interface. Please follow the steps below:

Configure an IPSec Tunnel at the Perimeter 81 Management Portal

1. Under Network in the Management Portal on the left side, select the name of the network in which you'd like to set the tunnel.

2. Locate the desired gateway, and select the three-dotted menu (...).

3. Select Add Tunnel and then IPSec Site-2-Site Tunnel. The tunnel settings window will display.

4. In the General Settings section fill in according to the following:

  • Name: Choose whatever name you find suitable for the tunnel.
  • Shared Secret: Insert a string of your own or use Generate.
  • Public IP: Insert the public IP of the FortiGate device.
  • Remote IP: Insert the public IP of the FortiGate device.
  • Perimeter 81 Gateway Proposal Subnets: by default, this should be set to 10.255.0.0/16
  • Remote Gateway Proposal Subnets: 0.0.0.0/0 or specify according to your customized settings.

5. At the Advanced Settings section complete the following information:

  • Diffie-Hellman Groups (Phase 1): 21
  • Diffie-Hellman Groups (Phase 2): 21

Leave the rest of the fields with the default values (as shown in the attached screenshot).

Configure the Tunnel at the FortiGate Management Interface

1. Open the FortiGate management interface.

2. In the left panel, select VPN, then IPsec Tunnels, and select Create New.

3. In the VPN Creation Wizard window, set the Name to Perimeter 81 (or any other name you desire) and the Template Type to General, then select Next.

4. Fill in the following information:

Network Section:

  • IP Version: IPv4
  • Remote Gateway: Static IP Address
  • IP Address: Insert the public IP of the location server
  • Interface: select your WAN interface.
  • Mode Config: unchecked.
  • NAT Traversal: Disable.
  • Dead Peer Detection: On Demand.

Authentication section:

  • Method: Pre-shared Key
  • Pre-shared Key: Insert the Shared Key you chose in Step 1.
  • IKE Version: 1
  • Mode: Main (ID protection)

Phase 1 Proposal section:

  • Encryption: AES256
  • Authentication: SHA256
  • Diffie-Hellman Group: 21
  • Key Lifetime (seconds): 28800
  • Local ID: leave blank


  • XAUTH Section: leave disabled

Phase 2 Selectors (+Advanced) section:

  • Name: Perimeter 81
  • Local Address: Subnet, 0.0.0.0/0.0.0.0
  • Remote Address: Subnet, 10.255.0.0/255.255.0.0
  • Enable Replay Detection: Checked
  • Enable Perfect Forward Secrecy (PFS): Checked
  • Diffie-Hellman Group: 21
  • Encryption: AES256
  • Authentication: SHA256
  • Local Port: checked
  • Remote Port: checked
  • Protocol: checked
  • Key Lifetime: Seconds
  • Seconds: 43200

Configure Firewall and Static Routing

It is necessary to add a static route for the Perimeter 81 subnet (10.255.0.0/16) through the VPN tunnel interface, so that traffic between the local network and the Perimeter 81 subnet is sent through the tunnel in both directions.

1. Go to Network -> Routing -> Static Routes -> Create New -> Route

2. Set Destination to 10.255.0.0/16 and the Device: Perimeter 81 (or any other name you chose for the tunnel).
3. Select OK.

It is necessary to add firewall rules to allow traffic from the Perimeter 81 subnet (10.255.0.0/16) to your local network or to the services you desire.

1. Go to Policy & Objects -> IPv4 Policy and select Create New.

2. Fill in the following information.

  • Name: Perimeter 81
  • Incoming Interface: Perimeter 81
  • Outgoing Interface: Your local network object
  • Source: All
  • Destination: All
  • Schedule: Always
  • Service: All
  • NAT: Disabled

If any additional settings appear, leave them in their default status.

3. Select OK.
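The script below is an added example; it is not part of this article and is not Perimeter 81 or Fortinet tooling. It takes the values the tunnel, static route and firewall steps above tell you to enter on each side, checks that the two sides agree before you try to bring the tunnel up (same shared secret, same Diffie-Hellman groups, PFS on, and Phase 2 selectors that are mirror images of the portal's proposal subnets), and renders the FortiOS CLI form of the same settings. The interface names wan1 and internal, the public IPs and the shared secret are constructed placeholders, and the CLI statements are assumed equivalents of the GUI fields; confirm the option names against the CLI reference for your FortiOS version.

```python
"""Cross-check the two sides of the Perimeter 81 <-> FortiGate tunnel and render the
assumed FortiOS CLI equivalent of the GUI steps. Added example: not the article's
text and not Fortinet/Perimeter 81 tooling; IPs, secret and interface names are
constructed placeholders."""
import ipaddress

# Perimeter 81 Management Portal fields (constructed sample values).
PERIMETER81_SIDE = {
    "shared_secret": "EXAMPLE-SHARED-SECRET-CHANGE-ME",
    "gateway_subnets": ["10.255.0.0/16"],   # Perimeter 81 Gateway Proposal Subnets
    "remote_subnets": ["0.0.0.0/0"],        # Remote Gateway Proposal Subnets
    "dh_phase1": 21, "dh_phase2": 21,
}

# FortiGate wizard, static route and policy fields (interface names assumed).
FORTIGATE_SIDE = {
    "name": "Perimeter 81", "wan_interface": "wan1", "lan_interface": "internal",
    "remote_gw": "198.51.100.5",            # Perimeter 81 gateway public IP (constructed)
    "psk": "EXAMPLE-SHARED-SECRET-CHANGE-ME", "ike_version": 1, "mode": "main",
    "p1_proposal": "aes256-sha256", "p1_dhgrp": 21, "p1_keylife": 28800,
    "p2_proposal": "aes256-sha256", "p2_dhgrp": 21, "p2_keylife": 43200,
    "pfs": True, "replay": True,
    "local_subnet": "0.0.0.0/0.0.0.0",          # Phase 2 Local Address
    "remote_subnet": "10.255.0.0/255.255.0.0",  # Phase 2 Remote Address
}


def _nets(subnets):
    """Normalise CIDR or dotted-mask strings to a set of ip_network objects."""
    return {ipaddress.ip_network(s, strict=False) for s in subnets}


def check_consistency(p81, fgt):
    """Return the list of mismatches between the two sides; empty means consistent.
    Phase 1 usually fails on PSK or DH group mismatches; Phase 2 usually fails
    when the selectors are not mirror images of each other."""
    problems = []
    if p81["shared_secret"] != fgt["psk"]:
        problems.append("pre-shared key differs between the two sides")
    if p81["dh_phase1"] != fgt["p1_dhgrp"]:
        problems.append(f"Phase 1 DH group {p81['dh_phase1']} vs {fgt['p1_dhgrp']}")
    if not fgt["pfs"]:
        problems.append("PFS disabled on FortiGate but the portal sets a Phase 2 DH group")
    elif p81["dh_phase2"] != fgt["p2_dhgrp"]:
        problems.append(f"Phase 2 DH group {p81['dh_phase2']} vs {fgt['p2_dhgrp']}")
    # FortiGate's remote subnet must equal the portal's gateway subnet and
    # FortiGate's local subnet must equal the portal's remote gateway subnet.
    if _nets(p81["gateway_subnets"]) != _nets([fgt["remote_subnet"]]):
        problems.append("FortiGate Phase 2 Remote Address != Perimeter 81 Gateway Proposal Subnets")
    if _nets(p81["remote_subnets"]) != _nets([fgt["local_subnet"]]):
        problems.append("FortiGate Phase 2 Local Address != Remote Gateway Proposal Subnets")
    return problems


def to_fortios_subnet(subnet):
    """'10.255.0.0/16' -> '10.255.0.0 255.255.0.0', the form the FortiOS CLI takes."""
    net = ipaddress.ip_network(subnet, strict=False)
    return f"{net.network_address} {net.netmask}"


def _onoff(flag):
    return "enable" if flag else "disable"


def _section(table, key, settings):
    """One FortiOS config block: config <table> / edit <key> / set ... / next / end."""
    body = [f"        set {k} {v}" for k, v in settings]
    return "\n".join([f"config {table}", f"    edit {key}", *body, "    next", "end"])


def render_fortios(fgt):
    """Assumed FortiOS CLI equivalent of the GUI steps (verify against your version)."""
    name = f'"{fgt["name"]}"'
    local, remote = to_fortios_subnet(fgt["local_subnet"]), to_fortios_subnet(fgt["remote_subnet"])
    return "\n".join([
        _section("vpn ipsec phase1-interface", name, [
            ("interface", f'"{fgt["wan_interface"]}"'), ("ike-version", fgt["ike_version"]),
            ("mode", fgt["mode"]), ("peertype", "any"), ("proposal", fgt["p1_proposal"]),
            ("dhgrp", fgt["p1_dhgrp"]), ("keylife", fgt["p1_keylife"]),
            ("nattraversal", "disable"), ("dpd", "on-demand"),
            ("remote-gw", fgt["remote_gw"]), ("psksecret", fgt["psk"])]),
        _section("vpn ipsec phase2-interface", name, [
            ("phase1name", name), ("proposal", fgt["p2_proposal"]), ("dhgrp", fgt["p2_dhgrp"]),
            ("pfs", _onoff(fgt["pfs"])), ("replay", _onoff(fgt["replay"])),
            ("keylifeseconds", fgt["p2_keylife"]), ("src-subnet", local), ("dst-subnet", remote)]),
        # Static route: send the Perimeter 81 subnet into the tunnel interface.
        _section("router static", 0, [("dst", remote), ("device", name)]),
        # Policy as the article specifies: all traffic from the tunnel to the LAN, no NAT.
        _section("firewall policy", 0, [
            ("name", name), ("srcintf", name), ("dstintf", f'"{fgt["lan_interface"]}"'),
            ("srcaddr", '"all"'), ("dstaddr", '"all"'), ("action", "accept"),
            ("schedule", '"always"'), ("service", '"ALL"'), ("nat", "disable")]),
    ])


if __name__ == "__main__":
    for line in check_consistency(PERIMETER81_SIDE, FORTIGATE_SIDE) or ["both sides consistent"]:
        print(line)
    print(render_fortios(FORTIGATE_SIDE))
```

Run it after filling in your own values: an empty mismatch list means the settings on both sides correspond; any line it prints names the field to correct before opening a support ticket. The rendered policy allows every service from the tunnel into the local network, exactly as the steps above describe; narrowing Destination and Service to the hosts and services you actually expose is the usual follow-up once the tunnel is confirmed up.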

Make Sure the Tunnel is Up

1. At the FortiGate Management Interface, go to VPN -> IPsec Tunnels. If the tunnel is up, its entry will appear in the table with the tunnel status shown as up.

If you experience different results, make sure you carefully went through all the steps; however, in case the issue persists please contact our support team.
