Fortinet Document Library

Version:

Version:

Version:


Table of Contents

Cookbook

Download PDF
Copy Link

Configuring the data center FortiGates

The configuration described here must be set up on Data Center 1 FortiGate and Data Center 2 FortiGate. The following steps show how to configure Data Center 1 FortiGate (as shown in the diagram). You can repeat this configuration for Data Center 2 FortiGate, substituting the proper IP addresses and interface names.

This configuration has the following objectives:

  • Zero touch IPsec VPN provisioning of new branches
  • Point-to-multipoint IPsec VPN
  • Central management of data center access from each data center firewall
  • Dynamic peering to share routing information between each branch and the data center

Each data center configuration includes dynamic (or dial-up) IPsec VPN, BGP, firewall policies to control access, and a blackhole route for each branch office.

Configuring the data center FortiGates

The configuration described here must be set up on Data Center 1 FortiGate and Data Center 2 FortiGate. The following steps show how to configure Data Center 1 FortiGate (as shown in the diagram). You can repeat this configuration for Data Center 2 FortiGate, substituting the proper IP addresses and interface names.

This configuration has the following objectives:

  • Zero touch IPsec VPN provisioning of new branches
  • Point-to-multipoint IPsec VPN
  • Central management of data center access from each data center firewall
  • Dynamic peering to share routing information between each branch and the data center

Each data center configuration includes dynamic (or dial-up) IPsec VPN, BGP, firewall policies to control access, and a blackhole route for each branch office.