Fortinet white logo
Fortinet white logo

Cookbook

Configuring address objects on HQ

Configuring address objects on HQ

  1. To create address objects you will utilize in a later step, navigate to Policy & Objects > Addresses and select Create New > Address.
  2. Enter HQ-original for the Name, the original LAN subnet of HQ for Subnet (in the example, 192.168.1.0/24), and select the LAN-side interface for Interface (in the example, internal).

  3. Repeat the process to create an additional new address object.
  4. Enter Branch-new for the Name, the new LAN subnet of Branch for Subnet (in the example, 10.2.2.0/24), and select the VPN interface for Interface (in the example, VPN-to-Branch).

  5. To create an IP Pool, navigate to Policy & Objects > IP Pools and select Create New.
  6. Enter HQ-new for the Name and select Fixed Port Range for Type. For the External IP Range enter the new subnet for HQ (in the example, 10.1.1.1 – 10.1.1.254). You do not need to include the network address or the broadcast address for the subnet in the External IP Range of the IP Pool. For the Internal IP Range, enter the original subnet for HQ (in the example, 192.168.1.1 – 192.168.1.254).

  7. Finally, to create a Virtual IP, navigate to Policy & Objects > Virtual IPs and select Create New > Virtual IP.
  8. Enter HQ-new-to-original for the Name and select the VPN interface for Interface (in the example, VPN-to-Branch). For the External IP Address/Range enter the new subnet for HQ (in the example, 10.1.1.1 – 10.1.1.254). You do not need to include the network address or the broadcast address for the subnet in the External IP Range of the Virtual IP. For the Mapped IP Address/Range, enter the original subnet (in the example, 192.168.1.1 – 192.168.1.254).

Configuring address objects on HQ

Configuring address objects on HQ

  1. To create address objects you will utilize in a later step, navigate to Policy & Objects > Addresses and select Create New > Address.
  2. Enter HQ-original for the Name, the original LAN subnet of HQ for Subnet (in the example, 192.168.1.0/24), and select the LAN-side interface for Interface (in the example, internal).

  3. Repeat the process to create an additional new address object.
  4. Enter Branch-new for the Name, the new LAN subnet of Branch for Subnet (in the example, 10.2.2.0/24), and select the VPN interface for Interface (in the example, VPN-to-Branch).

  5. To create an IP Pool, navigate to Policy & Objects > IP Pools and select Create New.
  6. Enter HQ-new for the Name and select Fixed Port Range for Type. For the External IP Range enter the new subnet for HQ (in the example, 10.1.1.1 – 10.1.1.254). You do not need to include the network address or the broadcast address for the subnet in the External IP Range of the IP Pool. For the Internal IP Range, enter the original subnet for HQ (in the example, 192.168.1.1 – 192.168.1.254).

  7. Finally, to create a Virtual IP, navigate to Policy & Objects > Virtual IPs and select Create New > Virtual IP.
  8. Enter HQ-new-to-original for the Name and select the VPN interface for Interface (in the example, VPN-to-Branch). For the External IP Address/Range enter the new subnet for HQ (in the example, 10.1.1.1 – 10.1.1.254). You do not need to include the network address or the broadcast address for the subnet in the External IP Range of the Virtual IP. For the Mapped IP Address/Range, enter the original subnet (in the example, 192.168.1.1 – 192.168.1.254).