Configuring the data center FortiGates

The configuration described here must be set up on Data Center 1 FortiGate and Data Center 2 FortiGate. The following steps show how to configure Data Center 1 FortiGate (as shown in the diagram). You can repeat this configuration for Data Center 2 FortiGate, substituting the proper IP addresses and interface names.

This configuration has the following objectives:

  • Zero-touch IPsec VPN provisioning of new branches
  • Point-to-multipoint IPsec VPN
  • Central management of data center access from each data center firewall
  • Dynamic peering to share routing information between each branch and the data center

Each data center configuration includes dynamic (or dial-up) IPsec VPN, BGP, firewall policies to control access, and a blackhole route for each branch office.
