FortiGate

Step 1

Go to Clouds & Branches and click on Add new

Step 2

Prepare the IPsec profile settings and save them for later (you can open this menu by clicking Edit branch in Clouds & Branches).

Step 3

Once you have saved the configuration, you can check the details of your Branch (subnet, gateway, etc.):
Details of Branch -> Action button on the right side -> Configuration guide

Step 4

Go to Policy & Objects and open Addresses -> Create new -> Address

Step 5

Create two Address profiles:
  • Local
  • Remote

Local
  • Type - Subnet
  • IP/Netmask - Subnet and mask of the FortiGate local network
  • Interface - Optional

Remote
  • Type - Subnet
  • IP/Netmask - Subnet IP and mask of the GoodAccess gateway
  • Interface - Optional

Step 6

Go to VPN -> IPsec Tunnels and select Create New -> IPsec Tunnel

Step 7

Select Custom and continue.

Step 8

Set all of the following options:

Network

  • Remote Gateway - Static IP Address
  • IP Address - GoodAccess gateway IP
  • Interface - WAN (depends on your site)
  • NAT Traversal - Optional
  • Dead Peer Detection - On Demand
  • Rest as you can see

Authentication

  • Method - Pre-shared Key
  • Pre-shared Key - Your password (the same one you set in GoodAccess; Step 2)
  • IKE Version - 2

Phase 1

Use the same settings as in GoodAccess.

Phase 2

Use the same settings as in GoodAccess.
  • Local Address - Address profile you've created in Step 5
  • Remote Address - Address profile you've created in Step 5
  • The rest must be the same as the configuration in GoodAccess (Step 2)

Step 9

Go to Network -> Static Routes -> Create new

Step 10

Destination - Subnet; enter the GoodAccess gateway subnet IP + mask

Step 11

Go to Policy & Objects -> Firewall Policy -> Create New
  • Incoming Interface - IPsec Tunnel
  • Outgoing Interface - LAN (depends on your site)
  • Source - Remote Address profile
  • Destination - Local Address profile
  • Schedule and Service - It is up to you
  • Action - Enabled
  • Inspection Mode - Flow-based
Create this policy twice: once as shown above, and once with the Interfaces and Source/Destination swapped.
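
Step 8 requires Phase 1 and Phase 2 to match GoodAccess. The following check is an added example, not part of the original guide: it parses FortiOS CLI `show` output and lists every Phase 1/Phase 2 value that differs from, or is absent compared with, the expected profile. The sample output, the tunnel names and the expected values are constructed placeholders; replace them with the settings you saved in Step 2.

```python
import shlex
# Constructed sample in the format of FortiOS CLI `show` output (not from the guide).
SAMPLE_FORTIGATE = """
config vpn ipsec phase1-interface
    edit "GoodAccess"
        set proposal aes256-sha256
        set dhgrp 14
        set dpd on-demand
    next
end
config vpn ipsec phase2-interface
    edit "GoodAccess-p2"
        set phase1name "GoodAccess"
        set proposal aes128-sha1
        set dhgrp 14
    next
end
"""

# Assumed values standing in for the GoodAccess branch settings saved in Step 2.
EXPECTED = {
    "vpn ipsec phase1-interface": {"ike-version": "2", "proposal": "aes256-sha256",
                                   "dhgrp": "14", "dpd": "on-demand"},
    "vpn ipsec phase2-interface": {"proposal": "aes256-sha256", "dhgrp": "14"},
}

def parse_fortios(text):
    """Parse config/edit/set/next/end blocks into {section: {entry: {key: value}}}."""
    tree, section, entry = {}, None, None
    for line in text.splitlines():
        tok = shlex.split(line) or [""]          # blank lines match no keyword
        if tok[0] == "config":
            section = " ".join(tok[1:])
        elif tok[0] == "edit" and section is not None and len(tok) > 1:
            entry = tree.setdefault(section, {}).setdefault(tok[1], {})
        elif tok[0] == "set" and entry is not None and len(tok) > 2:
            entry[tok[1]] = " ".join(tok[2:])
        elif tok[0] in ("next", "end"):
            entry = None
    return tree

def find_mismatches(text, expected=EXPECTED):
    """Return (section, entry, key, found, wanted) for each differing or absent value."""
    tree, problems = parse_fortios(text), []
    for section, want in expected.items():
        for name, got in tree.get(section, {"<missing>": {}}).items():
            problems += [(section, name, k, got.get(k), v)
                         for k, v in want.items() if got.get(k) != v]
    return problems
```

On the constructed sample, `find_mismatches(SAMPLE_FORTIGATE)` reports the absent `ike-version` in Phase 1 and the differing `proposal` in Phase 2.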