IPsec VPN to Azure with virtual network gateway

This example shows how to configure a site-to-site IPsec VPN tunnel to Microsoft Azure. It shows how to configure a tunnel between each site, avoiding overlapping subnets, so that a secure tunnel can be established.


  • A FortiGate with an Internet-facing IP address
  • A valid Microsoft Azure account

Sample topology

Sample configuration

This sample configuration shows how to:

  1. Configure an Azure virtual network
  2. Specify the Azure DNS server
  3. Configure the Azure virtual network gateway
  4. Configure the Azure local network gateway
  5. Configure the FortiGate tunnel
  6. Create the Azure firewall object
  7. Create the FortiGate firewall policies
  8. Create the FortiGate static route
  9. Create the Azure site-to-site VPN connection
  10. Check the results
To configure an Azure virtual network: