Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiManager 7.2.8 Administration Guide
    7.2.8
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.7
    5.2.6
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2
    4.3.8
    4.3.7
    4.3.6
    4.3.5
    4.3.4
    4.3.3
    4.3.2
    4.3.1
    4.3.0
    4.2.9
    4.2.8
    4.2.7
    4.2.6
    4.2.5
    4.2.4
    4.2.3
    4.2.2
    4.2.1
    4.2.0
    4.1.0
    4.0.3
    4.0.2
    4.0.1
    4.0.0

    Defining the hub template

    Defining the hub template

    1. Go to Device Manager > Provisioning Templates > IPsec Tunnel Templates.

    2. Right click HUB_IPsec_Recommended and select Activate.

    3. Provide a template name and fill out the VPN1 section as follows:

      Field

      Value

      Outgoing Interface

      port2

      IPv4 Start IP

      10.0.0.1

      IPv4 End IP

      10.0.0.100

      IPv4 Netmask

      255.255.255.0

      Pre-shared Key

      Enter a pre-shared key.

      Caution

      IPv4 Start IP and IPv4 End IP specify the range of IP addresses that connecting branches will use for their IPsec tunnel IP. These IP addresses can be adjusted to fit your needs. The current scheme only scales to 100 branches.

    4. Click OK to save.

    5. Edit the newly created template, then edit the VPN1 tunnel.

      1. Change Routing from Manual to Automatic

        1. Under Remote Subnet, enter 172.16.0.0/255.255.0.0.

      2. Set the Tunnel Interface Setup to:

        • IP: 10.0.0.101/32.

        • Remote IP: 10.0.0.254/24.

        These settings configure the HQ FortiGate’s IPsec interface. The same can be done for the branch FortiGates. However, this example uses mode-config to assign addresses using the IPv4 range shown in the image above.

    6. Click OK to save.

    Previous
    Next

    Defining the hub template

    Defining the hub template

    1. Go to Device Manager > Provisioning Templates > IPsec Tunnel Templates.

    2. Right click HUB_IPsec_Recommended and select Activate.

    3. Provide a template name and fill out the VPN1 section as follows:

      Field

      Value

      Outgoing Interface

      port2

      IPv4 Start IP

      10.0.0.1

      IPv4 End IP

      10.0.0.100

      IPv4 Netmask

      255.255.255.0

      Pre-shared Key

      Enter a pre-shared key.

      Caution

      IPv4 Start IP and IPv4 End IP specify the range of IP addresses that connecting branches will use for their IPsec tunnel IP. These IP addresses can be adjusted to fit your needs. The current scheme only scales to 100 branches.

    4. Click OK to save.

    5. Edit the newly created template, then edit the VPN1 tunnel.

      1. Change Routing from Manual to Automatic

        1. Under Remote Subnet, enter 172.16.0.0/255.255.0.0.

      2. Set the Tunnel Interface Setup to:

        • IP: 10.0.0.101/32.

        • Remote IP: 10.0.0.254/24.

        These settings configure the HQ FortiGate’s IPsec interface. The same can be done for the branch FortiGates. However, this example uses mode-config to assign addresses using the IPv4 range shown in the image above.

    6. Click OK to save.

    Previous
    Next