GoodAccess
GoodAccess Website
Request Free Trial
Download App
Search…
Welcome to GoodAccess
Getting started
First steps
How to connect
Team management
Systems
Access Control
Admins & Roles
BackUp Gateway
Advanced networking
IP whitelisting
Clouds & Branches
Clouds
Branches (On-premise)
Barracuda
MikroTik
Cisco
FortiGate
pfSense
Check Point
Zyxel USG
Palo Alto
SonicWall
Sophos XG
UniFi USG
Untangle NG
WatchGuard
Juniper (JunOS) SRX
Cisco ASA (Route Based)
TP-Link
Synology
D-Link DIR-130/330
Netgear BR500
Linksys
DrayTek Vigor 3900
Cisco Meraki
Split tunneling
RDP - Windows
Port forwarding
Security & Compliance
2FA
Secure Shield
DNS Management
SSO
FAQ
Gateways
Product
Payments & Billing
Troubleshooting
Technical issues
Payments & Billing
Login & Password
Powered By
GitBook
FortiGate
Step 1
Go to
Clouds & Branches
and click on
Add new
Step 2
Prepare the settings of IPsec profile and save it for later (You can open this menu by clicking on Edit branch in Clouds & Branches).
Step 3
Once you saved the configuration you will be able to check details of your Branch (subnet, gateway, etc.)
Details of Branch -> Action button on the right side -> Configuration guide
Step 4
Go to Policy & Object and Open Addresses -> Create new -> Address
Step 5
You have to create
two
Addresses profiles
Local
Remote
Local
Type
- Subnet
IP/Netmask
-Subnet of Local network of FortiGate and mask
Interface
- Optional
Remote
Type
- Subnet
IP/Netmask
- Subnet IP of GoodAccess gateway and mask
Interface
- Optional
Step 6
Go to
VPN
->
IPsec Tunnels
and
Create New
-
IPsec Tunnel
Step 7
Select
Custom
and continue.
Step 8
It is necessary to set up all following options
Network
Remote Gateway
- Static IP Address
IP Address
- GoodAccess gateway IP
Interface
- WAN (It depends on your site)
NAT Traversal
- Optional
Deed Peer Detection
- On Demand
Rest as you can see
Authentication
Method
- Pre-shared Key
Pre-shared Key
- Your password (the same like you set in GoodAccess; Step 2)
IKE Version
- 2
Phase 1
It is necessary to use the same settings like in GoodAccess
Phase 2
It is necessary to use the same settings like in GoodAccess
Local Address
- Address profile you've created in Step 5
Remote Address
- Address profile you've created in Step 5
Rest must the same like configuration in GoodAccess
- Step 2
Step 9
Go to
Network
->
Static Routes
->
Create new
Step 10
Destination
- Subnet and populate GoodAccess gateway subnet IP + mask
Step 11
Go to
Policy & Objects
->
Firewall Policy
->
Create New
Incoming Interface -
IPsec Tunel
Outgoing Interface -
LAN (It depends to your site)
Source -
Remote Address profile
Destination -
Local Address profile
Schedule and Service
- It is up to you
Action
- Enabled
Inspection Mode
- Flow-based
It is necessary to create this Policy for two times. One as you see and one with switched Interfaces and Source/Destination.
Previous
Cisco
Next
pfSense
Last modified
5mo ago
Copy link
Outline
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
Step 8
Network
Authentication
Phase 1
Phase 2
Step 9
Step 10
Step 11