FortiGate
IPSec VPN between FortiGate and Cisco ASA
Name | IP Address | Remarks
FortiGate 60E | 121.121.43.50 | Site 1 – WAN IP
FortiGate 60E | 192.168.1.1 | Site 1 – LAN IP
Cisco ASA | 103.18.246.208 | Site 2 – WAN IP
Cisco ASA | 10.10.10.8 | Site 2 – LAN IP
Extend Layer2 Network Across Data Center with FortiGate VXLAN
I had prepared a lab to study the concept of how to Extend Layer2 Network Across Data Center with FortiGate VXLAN.
What is VXLAN
Virtual eXtensible LAN (VXLAN – RFC 7348) acts as a Layer 2 virtual network over Layer 3 physical networks to stretch Layer 2 networks. It uses MAC Address-in-User Datagram Protocol (MAC-in-UDP) encapsulation. The …
Configure FortiGate SSL VPN Authentication with AD
Steps to configure FortiGate SSL VPN Authentication with AD (Active Directory)
Create an LDAP Server in FortiGate
AD Server = 192.168.1.200
cnid = sAMAccountName
config user ldap
    edit "UAT-AD01"
        set server "192.168.1.200"
        set cnid "sAMAccountName"
        set dn "dc=uat,dc=aventislab,dc=com"
        set type regular
        set username "uat\\administrator"
        set password P@ssw0rd
end
Verify the LDAP connection is established successfully …
Configure Outbound NAT in FortiGate with CLI
Steps to configure Outbound NAT in FortiGate with CLI
Ubuntu is accessing the Internet via 121.121.43.50, and we would like to change it to 121.121.43.51
curl -4 icanhazip.com
121.121.43.50
Create an object for Internal Server
config firewall address
    edit "wp5"
        set subnet 192.168.1.250 255.255.255.255
end
Create an IP POOL for public IP Address
config firewall ippool …
Import Let’s Encrypt SSL Certificate to FortiGate with CLI
Please refer to the steps below on how to import Let’s Encrypt SSL Certificate to FortiGate with CLI
Enable the Certification Tab in GUI
config system global
    set gui-certificates enable
end
You can import the PFX Certificate to FortiGate with GUI now
You have to separate the PFX to privatekey.pem and publiccert.pem prior to importing it to …
Publish Server to Internet with CLI in FortiGate
Steps to Publish Server to Internet with CLI in FortiGate
Assign a free public IP to the pool, or you can ignore this step if the public IP is configured previously
config firewall ippool
    edit "121.121.43.52"
        set startip 121.121.43.52
        set endip 121.121.43.52
    next
end
Configure the NAT to map 121.21.43.52:22 to 192.168.1.250:22
config firewall vip
    edit …
IKEv2 Site to Site VPN between FortiVM and ASAv
Steps to configure IKEv2 Site to Site VPN between FortiVM and ASAv
IKEv2, which uses only 4 messages to establish a secure peer, uses less bandwidth than IKE (Main Mode uses 9 messages)
IKEv2 is more secure and stable than IKEv1, with a lot of features such as NAT-T and EAP for Remote Access
Refer to the Difference Between …
IKEv1 Site to Site VPN between FortiGate and Cisco ASA
Steps to Configure IKEv1 Site to Site VPN between FortiGate and Cisco ASA in my lab
Name | IP Address
FortiVM – External IP | 30.30.30.254/24
FortiVM – Internal IP | 30.30.8.1/24
ASAv – External IP | 10.10.10.254/24
ASAv – Internal IP | 10.10.8.1/24
If you configure the Site to Site VPN by using the Wizard, it will create the …