Configuring Perimeter 81 Site-To-Site with FortiGate Devices


The following procedure demonstrates how to configure the VPN tunnels on the FortiGate devices using the management interface.

 

Step 1: Configure an IPSec Tunnel at the Perimeter 81 Management Portal

  1. Under the Network tab in the left menu, click the name of the network in which you'd like to set up the tunnel. Locate the desired gateway, click the three-dot icon, press Add Tunnel and then IPSec Site-2-Site Tunnel.
  2. The following window will pop up. In the General Settings section, fill in the fields as follows:
  • Name: Choose whatever name you find suitable for the tunnel.
  • Shared Secret: Insert a string of your own or use the Generate button.
  • Public IP: Insert the public IP of the FortiGate device.
  • Remote IP: Insert the public IP of the FortiGate device.
  • Perimeter 81 Gateway Proposal Subnets: by default this should be set to 10.255.0.0/16
  • Remote Gateway Proposal Subnets: 0.0.0.0/0 or specify according to your customised settings.
  3. In the Advanced Settings section, fill in:
  • Diffie-Hellman Groups (Phase 1): 21
  • Diffie-Hellman Groups (Phase 2): 21
  • Leave the rest of the fields with the default values (as shown in the attached screenshot).
 

Step 2: Configure the Tunnel at the FortiGate Management Interface

  1. Open the FortiGate management interface.
  2. In the left panel, choose VPN, then IPsec Tunnels, and press Create New.
  3. In the VPN Creation Wizard window, set the Name to Perimeter 81 (or any other name you desire) and the Template Type to General, then press Next.
  4. Fill in the fields according to the following:
  • Network Section:
    • IP Version: IPv4
    • Remote Gateway: Static IP Address
    • IP Address: Insert the public IP of the location server
    • Interface: select your WAN interface.
    • Mode Config: unchecked.
    • NAT Traversal: Disable.
    • Dead Peer Detection: On Demand.


  • Authentication section:
    • Method: Pre-shared Key
    • Pre-shared Key: Insert the Shared Key you chose at Step 1.
    • IKE Version: 1
    • Mode: Main (ID protection)
  • Phase 1 Proposal section:
    • Encryption: AES256
    • Authentication: SHA256
    • Diffie-Hellman Group: 21
    • Key Lifetime (seconds): 86400
    • Local ID: leave blank
  • XAUTH section: leave disabled
  • Phase 2 Selectors (+Advanced) section:
    • Name: Perimeter 81
    • Local Address: Subnet, 0.0.0.0/0.0.0.0
    • Remote Address: Subnet, 10.255.0.0/255.255.0.0
    • Enable Replay Detection: Checked
    • Enable Perfect Forward Secrecy (PFS): Checked
    • Diffie-Hellman Group: 21
    • Encryption: AES256
    • Authentication: SHA256
    • Local Port: checked
    • Remote Port: checked
    • Protocol: checked
    • Key Lifetime: Seconds
    • Seconds: 43200
 

Step 3: Configure Firewall and Static Routing

  1. Static routes must be added so that traffic between the Perimeter 81 subnet (10.255.0.0/16) and the local network, in both directions, goes through the VPN tunnel gateway. Go to Network -> Routing -> Static Routes -> Create New -> Route.

    Set Destination to 10.255.0.0/16 and the Device: Perimeter 81 (or any other name you chose for the tunnel).
    Click OK.
  2. Firewall rules must be added to allow traffic from the Perimeter 81 subnet (10.255.0.0/16) to your local network or to the services you desire. Go to Policy & Objects -> IPv4 Policy and click Create New.
    Once the settings window opens, fill in according to the following and then click OK:

    • Name: Perimeter 81
    • Incoming Interface: Perimeter 81
    • Outgoing Interface: Your local network object
    • Source: All
    • Destination: All
    • Schedule: Always
    • Service: All
    • NAT: Disabled
    • If any additional settings appear, leave them in their default status.

Step 4: Make Sure the Tunnel is Up

At the FortiGate Management Interface, go to VPN -> IPsec Tunnels. If the tunnel is up, its line will appear in the table with an Up status:


If you see a different result, make sure you meticulously went through all the steps; if the issue persists, please contact our support team.
