This is an example of how to configure a simple full mesh VPN with:
- Three FortiGate (FGT) devices
- Pre-shared key for authentication
- Auto-up tunnel setting
- Static Routes
1. Add FortiGate Devices and Map all Interfaces

Go to Device Manager and add the three FortiGate devices by clicking Add Device; follow the wizard for each device. Go to Policy & Objects > Policy Packages and define the Zone interfaces. Then go to Device Manager, select a device, go to System > Interface, and map its interfaces to the Zone interfaces.

2. Create Firewall Address for Protected Subnets

Go to Policy & Objects > Object Configurations > Firewall Objects > Address to manage the firewall addresses. VPN Manager only supports firewall addresses with the type set to Subnet (IP/Netmask). These firewall addresses are used as protected subnets to generate the static routes among the FortiGate devices.

3. Create a VPN Community

Go to VPN Manager > VPN Community list > Create New. Set the VPN topology type to Full Meshed.

Define the authentication method with a pre-shared key. Specify the encryption and hash methods.

After defining the authentication method and encryption properties, click Next and configure the VPN Phase 1 and Phase 2 settings.

For the IPsec Phase 2 setting, set the tunnel to Auto-Negotiate. Under Advanced Options, the IKE version can optionally be changed; it must be set to 2 if IPv6 is to be carried over the tunnels.

VPN configuration summary: see the screenshot in the original post.

4. Add VPN Gateway

Go to VPN Manager > VPN Community. In the content pane, from the Create New menu, select Managed Gateway. Add a Protected Network; a gateway can have more than one protected network.

Select a Device.

Select a default VPN interface. The default VPN interface should have a valid IP address and should be mapped to a Zone interface.

Optionally, specify the local gateway. This option can be left blank in most cases.

Under Routing, select Automatic to generate the static routes.

VPN gateway configuration settings summary: see the screenshot in the original post.

5. Create Firewall Policies

Go to Policy & Objects > Policy Packages and create policies between the default VPN zones and the protected-subnet interfaces. Use the Install On option to restrict a policy to specific FortiGate devices. Do not forget to create policies for both directions of traffic.
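The expansion behind steps 2 to 5, as an added example that is not code from the Fortinet Cookbook post: given each community member's protected subnets, it enumerates the full-mesh tunnels, the static routes that Automatic routing generates, and the policy pair per tunnel that step 5 asks for, with a check that flags any policy whose reverse is missing. The device names, subnets and the `lan` interface name are constructed assumptions; only the static routes are rendered in FortiOS `config router static` syntax.

```python
from itertools import permutations
from ipaddress import ip_network

# Constructed inventory (hypothetical names and RFC 1918 subnets, not from the page):
# device name -> the Subnet-type firewall addresses chosen as its protected networks.
SITES = {
    "FGT-A": ["10.1.0.0/24"],
    "FGT-B": ["10.2.0.0/24"],
    "FGT-C": ["10.3.0.0/24", "10.30.0.0/24"],
}

def full_mesh_plan(sites):
    """Expand the community into per-device tunnels, static routes and policies.
    Full mesh: every ordered (local, remote) pair gets a tunnel interface on `local`,
    one static route per remote protected subnet via that tunnel, and a policy in
    each direction (lan -> tunnel for outbound, tunnel -> lan for inbound)."""
    plan = {d: {"tunnels": [], "routes": [], "policies": []} for d in sites}
    for local, remote in permutations(sites, 2):
        tun = f"{local}_to_{remote}"
        local_nets, remote_nets = sites[local], sites[remote]
        plan[local]["tunnels"].append(tun)
        for subnet in remote_nets:
            plan[local]["routes"].append({"dst": subnet, "device": tun})
        plan[local]["policies"].append(
            {"srcintf": "lan", "dstintf": tun, "src": local_nets, "dst": remote_nets})
        plan[local]["policies"].append(
            {"srcintf": tun, "dstintf": "lan", "src": remote_nets, "dst": local_nets})
    return plan

def missing_reverse_policies(policies):
    """Return policies whose mirror image (interfaces and addresses swapped) is absent.
    An empty list means traffic is allowed in both directions for every tunnel."""
    key = lambda p: (p["srcintf"], p["dstintf"], tuple(p["src"]), tuple(p["dst"]))
    have = {key(p) for p in policies}
    return [p for p in policies
            if (p["dstintf"], p["srcintf"], tuple(p["dst"]), tuple(p["src"])) not in have]

def render_static_routes(routes):
    """Emit the routes as FortiOS 'config router static' CLI (dst as network + netmask)."""
    lines = ["config router static"]
    for r in routes:
        net = ip_network(r["dst"])
        lines += ["    edit 0", f"        set dst {net.network_address} {net.netmask}",
                  f'        set device "{r["device"]}"', "    next"]
    return "\n".join(lines + ["end"])
```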
For further FortiManager information, refer to the FortiManager Administration Guides available on the Fortinet Document Library.
The post FortiManager: Configure a Full Mesh VPN Topology within VPN Console appeared first on Fortinet Cookbook.