FortiGate
Go to Clouds & Branches and click on Add new
Prepare the settings of IPsec profile and save it for later (You can open this menu by clicking on Edit branch in Clouds & Branches).
Once you saved the configuration you will be able to check details of your Branch (subnet, gateway, etc.)
Details of Branch -> Action button on the right side -> Configuration guide
Go to Policy & Object and Open Addresses -> Create new -> Address
You have to create two Addresses profiles
- Local
- Remote
Local
- Type - Subnet
- IP/Netmask -Subnet of Local network of FortiGate and mask
- Interface - Optional
Remote
- Type - Subnet
- IP/Netmask - Subnet IP of GoodAccess gateway and mask
- Interface - Optional
Go to VPN -> IPsec Tunnels and Create New - IPsec Tunnel
Select Custom and continue.
It is necessary to set up all following options
- Remote Gateway - Static IP Address
- IP Address - GoodAccess gateway IP
- Interface - WAN (It depends on your site)
- NAT Traversal - Optional
- Deed Peer Detection - On Demand
- Rest as you can see
Method - Pre-shared Key
Pre-shared Key - Your password (the same like you set in GoodAccess; Step 2)
IKE Version - 2
It is necessary to use the same settings like in GoodAccess
It is necessary to use the same settings like in GoodAccess
- Local Address - Address profile you've created in Step 5
- Remote Address - Address profile you've created in Step 5
- Rest must the same like configuration in GoodAccess - Step 2
Go to Network -> Static Routes -> Create new
Destination - Subnet and populate GoodAccess gateway subnet IP + mask
Go to Policy & Objects -> Firewall Policy -> Create New
- Incoming Interface - IPsec Tunel
- Outgoing Interface - LAN (It depends to your site)
- Source - Remote Address profile
- Destination - Local Address profile
- Schedule and Service - It is up to you
- Action - Enabled
- Inspection Mode - Flow-based
Last modified 6d ago