Administration Guide

Defining the hub template
  1. Go to Device Manager > Provisioning Templates > IPsec Tunnel Templates.

  2. Right click HUB_IPsec_Recommended and select Activate.

  3. Provide a template name and fill out the VPN1 section as follows:

    | Field              | Value                   |
    |--------------------|-------------------------|
    | Outgoing Interface | port2                   |
    | IPv4 Start IP      | 10.0.0.1                |
    | IPv4 End IP        | 10.0.0.100              |
    | IPv4 Netmask       | 255.255.255.0           |
    | Pre-shared Key     | Enter a pre-shared key. |

    Caution: IPv4 Start IP and IPv4 End IP specify the range of IP addresses that connecting branches will use for their IPsec tunnel IP. These IP addresses can be adjusted to fit your needs. The current scheme only scales to 100 branches.

  4. Click OK to save.

  5. Edit the newly created template, then edit the VPN1 tunnel.

    1. Change Routing from Manual to Automatic.

      1. Under Remote Subnet, enter 172.16.0.0/255.255.0.0.

    2. Set the Tunnel Interface Setup to:

      • IP: 10.0.0.101/32.

      • Remote IP: 10.0.0.254/24.

      These settings configure the HQ FortiGate’s IPsec interface. The same can be done for the branch FortiGates. However, this example uses mode-config to assign addresses using the IPv4 range shown in the image above.

  6. Click OK to save.
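
Before saving a modified address range, the tunnel address plan from steps 3 and 5 can be sanity-checked offline. The following Python is an added example, not part of the Fortinet guide or any Fortinet tool; the function names and the rules it enforces (hub addresses must sit in the overlay network but outside the branch pool) are assumptions about a consistent plan.

```python
import ipaddress

def pool_capacity(start_ip, end_ip):
    """Number of tunnel addresses (one per branch) in the mode-config pool."""
    return int(ipaddress.IPv4Address(end_ip)) - int(ipaddress.IPv4Address(start_ip)) + 1

def check_overlay_plan(start_ip, end_ip, netmask, hub_ip, hub_remote_ip, branches):
    """Return a list of problems in a hub tunnel address plan (empty if none)."""
    start = ipaddress.IPv4Address(start_ip)
    end = ipaddress.IPv4Address(end_ip)
    if end < start:
        return ["IPv4 End IP is lower than IPv4 Start IP"]
    # Overlay network implied by the pool start address and the pool netmask.
    overlay = ipaddress.IPv4Network(f"{start_ip}/{netmask}", strict=False)
    hub = ipaddress.ip_interface(hub_ip).ip
    remote = ipaddress.ip_interface(hub_remote_ip)
    problems = []
    if end not in overlay:
        problems.append(f"pool end {end} is outside {overlay}")
    if start == overlay.network_address or end == overlay.broadcast_address:
        problems.append("pool includes the network or broadcast address")
    # Assumed rule: hub-side addresses live in the overlay but never in the pool.
    for label, addr in (("hub tunnel IP", hub), ("hub remote IP", remote.ip)):
        if addr not in overlay:
            problems.append(f"{label} {addr} is outside {overlay}")
        elif start <= addr <= end:
            problems.append(f"{label} {addr} collides with the branch pool")
    if remote.network != overlay:
        problems.append(f"remote IP mask gives {remote.network}, expected {overlay}")
    capacity = pool_capacity(start_ip, end_ip)
    if branches > capacity:
        problems.append(f"{branches} branches exceed pool capacity of {capacity}")
    return problems

# Values taken from the template fields on this page.
PAGE_PLAN = dict(
    start_ip="10.0.0.1",
    end_ip="10.0.0.100",
    netmask="255.255.255.0",
    hub_ip="10.0.0.101/32",
    hub_remote_ip="10.0.0.254/24",
)

if __name__ == "__main__":
    for n in (100, 150):  # constructed branch counts
        print(n, check_overlay_plan(branches=n, **PAGE_PLAN) or "ok")
```

Widening the pool past 10.0.0.100 without moving the hub's 10.0.0.101 tunnel IP is the collision this check is meant to catch.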
