Configuring the first FortiGate (Peer-1)
Configure Peer-1 with the following settings:
- Enable virtual domain configuration, add vdom1, set vdom1 to proxy mode (to support VoIP profiles), and add port1 and port2 to vdom1.
    config system global
        set vdom-admin enable
    end
    config vdom
        edit vdom1
            config system settings
                set inspection-mode proxy
            end
    end
    config global
        config system interface
            edit port1
                set vdom vdom1
            next
            edit port2
                set vdom vdom1
        end
    end
- Create a virtual wire pair between port1 and port2.
    config vdom
        edit vdom1
            config system virtual-wire-pair
                edit my-wire-pair
                    set member port1 port2
            end
    end
- Create a virtual wire pair policy to allow all traffic between port1 and port2. This example policy applies antivirus scanning, application control, and VoIP profiles.
    config vdom
        edit vdom1
            config firewall policy
                edit 1
                    set srcintf port1 port2
                    set dstintf port1 port2
                    set srcaddr all
                    set dstaddr all
                    set service ALL
                    set schedule always
                    set action accept
                    set utm-status enable
                    set av-profile default
                    set application-list default
                    set voip-profile default
            end
    end
- Configure Peer-1 for FGSP.
    config system cluster-sync
        edit 1
            set peerip 10.10.10.2
            set peervd root
            set syncvd vdom1
        next
        edit 2
            set peerip 10.10.10.3
            set peervd root
            set syncvd vdom1
        next
        edit 3
            set peerip 10.10.10.4
            set peervd root
            set syncvd vdom1
    end
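With four members, each peer needs a cluster-sync entry for every other peer, so a single missing entry leaves one pair of units without session synchronization. The following check is an added example, not part of the Fortinet documentation: it parses `config system cluster-sync` blocks and reports gaps in the mesh. Peer-1's own address (10.10.10.1) and the configurations of the other three members are assumptions constructed for illustration.

```python
def parse_cluster_sync(text):
    """Return {entry id: {option: value}} from a 'config system cluster-sync' block."""
    entries, current, depth = {}, None, 0
    for words in (l.split() for l in text.splitlines() if l.strip()):
        if depth == 0:
            depth = 1 if words == ["config", "system", "cluster-sync"] else 0
        elif words[0] == "config":      # nested table inside an entry, e.g. a filter
            depth += 1
        elif words[0] == "end":
            depth -= 1
            if depth == 0:
                break
        elif depth == 1 and words[0] == "edit" and len(words) > 1:
            current = entries.setdefault(words[1], {})
        elif depth == 1 and words[0] == "set" and len(words) > 2 and current is not None:
            current[words[1]] = " ".join(words[2:])
    return entries

def check_mesh(configs, syncvd="vdom1", peervd="root"):
    """configs: {member sync IP: CLI text}. Returns findings; an empty list is a full mesh."""
    findings, members = [], set(configs)
    for own, text in sorted(configs.items()):
        entries = parse_cluster_sync(text)
        peers = [e.get("peerip") for e in entries.values()]
        for ip in sorted(members - {own} - set(peers)):
            findings.append(f"{own}: missing peer {ip}")
        for ip in sorted({p for p in peers if p not in members - {own}}, key=str):
            findings.append(f"{own}: unexpected peerip {ip}")
        for eid, e in sorted(entries.items()):
            if e.get("syncvd") != syncvd or e.get("peervd") != peervd:
                findings.append(f"{own}: entry {eid} peervd/syncvd mismatch")
    return findings

def stanza(peers, syncvd="vdom1"):
    """Build a cluster-sync block in the page's layout (for the constructed samples)."""
    body = "\nnext\n".join(f"edit {i}\nset peerip {ip}\nset peervd root\nset syncvd {syncvd}"
                           for i, ip in enumerate(peers, 1))
    return f"config system cluster-sync\n{body}\nend\n"

# Peer-1's three peers come from the page; its own address 10.10.10.1 and the
# other members' configurations are constructed sample data.
GOOD = {f"10.10.10.{n}": stanza([f"10.10.10.{m}" for m in range(1, 5) if m != n])
        for n in range(1, 5)}
BAD = dict(GOOD, **{"10.10.10.4": stanza(["10.10.10.1", "10.10.10.2"])})

if __name__ == "__main__":
    print(check_mesh(GOOD) or "full mesh")
    print(check_mesh(BAD))
```
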