Security Fabric over IPsec VPN
This is an example of configuring Security Fabric over IPsec VPN.
Sample topology
This sample topology shows a downstream FortiGate (HQ2) connected to the root FortiGate (HQ1) over IPsec VPN to join the Security Fabric.
Sample configuration
To configure the root FortiGate (HQ1):
- Configure interface:
  - In the root FortiGate (HQ1), go to Network > Interfaces.
  - Edit port2:
    - Set Role to WAN.
    - For the interface connected to the Internet, set the IP/Network Mask to 10.2.200.1/255.255.255.0.
  - Edit port6:
    - Set Role to DMZ.
    - For the interface connected to FortiAnalyzer, set the IP/Network Mask to 192.168.8.250/255.255.255.0.
- Configure the static route to connect to the Internet:
  - Go to Network > Static Routes and click Create New or Create New > IPv4 Static Route.
  - Set Destination to 0.0.0.0/0.0.0.0.
  - Set Interface to port2.
  - Set Gateway Address to 10.2.200.2.
  - Click OK.
- Configure IPsec VPN:
  - Go to VPN > IPsec Wizard.
  - Set Name to To-HQ2.
  - Set Template Type to Custom.
  - Click Next.
  - Set
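The interface and static route settings for HQ1 listed above, expressed as FortiOS CLI. This is an added example, not part of the original page; it does not cover the IPsec VPN step, and the static route entry ID 1 is an assumption (use an unused ID on your device).

```fortios
# Added example: CLI equivalent of the HQ1 interface and static route settings.
config system interface
    edit "port2"
        # Internet-facing interface (GUI: Role = WAN)
        set role wan
        set ip 10.2.200.1 255.255.255.0
    next
    edit "port6"
        # Interface connected to FortiAnalyzer (GUI: Role = DMZ)
        set role dmz
        set ip 192.168.8.250 255.255.255.0
    next
end

config router static
    # Entry ID 1 is an assumption; pick an ID that is not already in use.
    edit 1
        # GUI: Destination = 0.0.0.0/0.0.0.0
        set dst 0.0.0.0 0.0.0.0
        # GUI: Gateway Address
        set gateway 10.2.200.2
        # GUI: Interface
        set device "port2"
    next
end
```

After applying, `show system interface port2` and `show router static` display the resulting configuration for comparison against the GUI values.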