Extend Layer2 Network Across Data Center with FortiGate VXLAN

I had prepared a lab to study the concept of how to Extend Layer2 Network Across Data Center with FortiGate VXLAN.

What is VXLAN? Virtual eXtensible LAN (VXLAN – RFC7348) acts as a Layer 2 virtual network over a Layer 3 physical network to stretch Layer 2 networks. It uses MAC Address-in-User Datagram Protocol (MAC-in-UDP) encapsulation. The …

Configure FortiGate SSL VPN Authentication with AD

Steps to configure FortiGate SSL VPN Authentication with AD (Active Directory).

Create an LDAP Server in FortiGate (AD Server = 192.168.1.200, cnid = sAMAccountName):

    config user ldap
        edit "UAT-AD01"
            set server "192.168.1.200"
            set cnid "sAMAccountName"
            set dn "dc=uat,dc=aventislab,dc=com"
            set type regular
            set username "uat\\administrator"
            set password P@ssw0rd
    end

Verify the LDAP connection is established successfully …

Configure Outbound NAT in FortiGate with CLI

Steps to configure Outbound NAT in FortiGate with CLI.

Ubuntu is accessing the Internet via 121.121.43.50, and we would like to change it to 121.121.43.51:

    curl -4 icanhazip.com
    121.121.43.50

Create an object for the internal server:

    config firewall address
        edit "wp5"
            set subnet 192.168.1.250 255.255.255.255
    end

Create an IP pool for the public IP address:

    config firewall ippool …

Configure Remote SSL VPN in FortiGate with CLI

Steps to configure Remote SSL VPN in FortiGate with CLI.

Create an "ssl.root" interface for the SSL VPN tunnel:

    config system interface
        edit "ssl.root"
            set vdom "root"
            set type tunnel
            set alias "Remote SSL VPN interface"
    end

Create a pool of IPs (10.28.28.10 – 20) to be assigned to Remote SSL VPN users:

    config firewall address …

Import Let’s Encrypt SSL Certificate to FortiGate with CLI

Please refer to the steps below on how to import a Let’s Encrypt SSL Certificate to FortiGate with CLI.

Enable the Certificates tab in the GUI:

    config system global
        set gui-certificates enable
    end

You can now import the PFX certificate to FortiGate with the GUI. You have to separate the PFX into privatekey.pem and publiccert.pem prior to importing it to …

Publish Server to Internet with CLI in FortiGate

Steps to Publish Server to Internet with CLI in FortiGate.

Assign a free public IP to the pool, or ignore this step if the public IP was configured previously:

    config firewall ippool
        edit "121.121.43.52"
            set startip 121.121.43.52
            set endip 121.121.43.52
        next
    end

Configure the NAT to map 121.21.43.52:22 to 192.168.1.250:22:

    config firewall vip
        edit …

IKEv2 Site to Site VPN between FortiVM and ASAv

Steps to configure IKEv2 Site to Site VPN between FortiVM and ASAv.

IKEv2, which uses only 4 messages to establish a secure peer, uses less bandwidth than IKE (Main Mode uses 9 messages). IKEv2 is more secure and stable than IKEv1, with a lot of features such as NAT-T and EAP for Remote Access. Refer to the Difference Between …

IKEv1 Site to Site VPN between FortiGate and Cisco ASA

Steps to configure IKEv1 Site to Site VPN between FortiGate and Cisco ASA in my lab.

    Name                     IP Address
    FortiVM – External IP    30.30.30.254/24
    FortiVM – Internal IP    30.30.8.1/24
    ASAv – External IP       10.10.10.254/24
    ASAv – Internal IP       10.10.8.1/24

If you configure the Site to Site VPN by using the Wizard, it will create the …