IPsec VPN to Azure with virtual network gateway
This example shows how to configure a site-to-site IPsec VPN tunnel to Microsoft Azure. It shows how to configure a tunnel between each site, avoiding overlapping subnets, so that a secure tunnel can be established.
Prerequisites
- A FortiGate with an Internet-facing IP address
- A valid Microsoft Azure account
Sample topology
Sample configuration
This sample configuration shows how to:
- Configure an Azure virtual network
- Specify the Azure DNS server
- Configure the Azure virtual network gateway
- Configure the Azure local network gateway
- Configure the FortiGate tunnel
- Create the Azure firewall object
- Create the FortiGate firewall policies
- Create the FortiGate static route
- Create the Azure site-to-site VPN connection
- Check the results