Verifying ADVPN configuration in FortiGate

When configuring the VPN manager, keep in mind that the final outcome you want on the FortiGate is shown in the configurations below.

The configuration will be available on the FortiGates only after they are installed from FortiManager. The installation is described later in the guide. These configurations are required for ADVPN to work. At this point you don’t need to install the configurations on the FortiGates.

Example configurations

Branch FGT-6

config vpn ipsec phase1-interface
    edit "OL_MPLS_0"
        set interface "port3"
        set ike-version 2
        set comments "[created by FMG VPN Manager]"
        set proposal aes128-sha256 aes256-sha256
        set keylife 28800
        set peertype any
        set remote-gw 172.20.9.5
        set net-device disable
        set psksecret ENC ***
    next
    edit "OL_INET_0"
        set interface "port2"
        set ike-version 2
        set comments "[created by FMG VPN Manager]"
        set proposal aes128-sha256 aes256-sha256
        set keylife 28800
        set peertype any
        set remote-gw 172.20.10.5
        set net-device disable
        set psksecret ENC ***
    next
end

Branch FGT-7

Similar configuration to FGT-6.

Datacenter DC-6

config vpn ipsec phase1-interface
    edit "OL_MPLS_0"
        set type dynamic
        set interface "port3"
        set ike-version 2
        set dpd on-idle
        set comments "[created by FMG VPN Manager]"
        set proposal aes128-sha256 aes256-sha256 aes128gcm-prfsha256 aes256gcm-prfsha384 chacha20poly1305-prfsha256
        set keylife 28800
        set peertype any
        set dpd-retryinterval 60
        set net-device disable
        set tunnel-search nexthop
        set add-route disable
        set psksecret ENC ***
    next
    edit "OL_INET_0"
        set type dynamic
        set interface "port2"
        set ike-version 2
        set dpd on-idle
        set comments "[created by FMG VPN Manager]"
        set proposal aes128-sha256 aes256-sha256 aes128gcm-prfsha256 aes256gcm-prfsha384 chacha20poly1305-prfsha256
        set keylife 28800
        set peertype any
        set dpd-retryinterval 60
        set net-device disable
        set tunnel-search nexthop
        set add-route disable
        set psksecret ENC ***
    next
end
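
A small checker for the comparison described above, as an added example that is not part of the original guide: it parses pasted `config vpn ipsec phase1-interface` output and reports where a tunnel deviates from the settings shown in the example configurations. The function names, the role labels and the sample input are assumptions of this example.

```python
import shlex

# Settings the page's example configs show for each role (from the FGT-6 and
# DC-6 listings; the role names "branch" and "hub" are this example's labels).
EXPECTED = {
    "branch": {"ike-version": "2", "net-device": "disable"},
    "hub": {"type": "dynamic", "ike-version": "2", "dpd": "on-idle",
            "net-device": "disable", "tunnel-search": "nexthop",
            "add-route": "disable"},
}

def parse_phase1(text):
    """Return {tunnel_name: {option: value}} from a phase1-interface block."""
    tunnels, current = {}, None
    for tokens in map(shlex.split, text.splitlines()):
        if len(tokens) >= 2 and tokens[0] == "edit":
            current = tunnels.setdefault(tokens[1], {})
        elif len(tokens) >= 3 and tokens[0] == "set" and current is not None:
            current[tokens[1]] = " ".join(tokens[2:])
        elif tokens and tokens[0] in ("next", "end"):
            current = None
    return tunnels

def check(text, role):
    """List deviations from the expected settings for 'branch' or 'hub'."""
    findings = []
    for name, opts in parse_phase1(text).items():
        for key, want in EXPECTED[role].items():
            got = opts.get(key)
            if got != want:
                findings.append(f"{name}: {key} is {got!r}, expected {want!r}")
        if role == "branch" and "remote-gw" not in opts:
            findings.append(f"{name}: remote-gw is not set")
    return findings

# Constructed sample: the page's FGT-6 OL_MPLS_0 entry with ike-version changed
# to 1 and remote-gw removed, to show what a deviation looks like.
SAMPLE = '''config vpn ipsec phase1-interface
    edit "OL_MPLS_0"
        set interface "port3"
        set ike-version 1
        set net-device disable
        set psksecret ENC ***
    next
end'''

if __name__ == "__main__":
    for line in check(SAMPLE, "branch"):
        print(line)
```

Plain `show` output on FortiOS omits options that are at their default value, so an option reported as `None` may only be hidden; paste `show full-configuration` output when a setting appears to be missing.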
