GoodAccess
GoodAccess WebsiteRequest Free TrialDownload App
Search…
Welcome to GoodAccess
Getting started
First steps
How to connect
Team management
Systems
Access Control
Admins & Roles
BackUp Gateway
Advanced networking
IP whitelisting
Clouds & Branches
Clouds
Branches (On-premise)
Barracuda
MikroTik
Cisco
FortiGate
pfSense
Check Point
Zyxel USG
Palo Alto
SonicWall
Sophos XG
UniFi USG
Untangle NG
WatchGuard
Juniper (JunOS) SRX
Cisco ASA (Route Based)
TP-Link
Synology
D-Link DIR-130/330
Netgear BR500
Linksys
DrayTek Vigor 3900
Cisco Meraki
Split tunneling
RDP - Windows
Port forwarding
Security & Compliance
2FA
Secure Shield
DNS Management
SSO
FAQ
Gateways
Product
Payments & Billing
Troubleshooting
Technical issues
Payments & Billing
Login & Password
Powered By GitBook
FortiGate

Step 1

Go to Clouds & Branches and click on Add new

Step 2

Prepare the settings of IPsec profile and save it for later (You can open this menu by clicking on Edit branch in Clouds & Branches).

Step 3

Once you saved the configuration you will be able to check details of your Branch (subnet, gateway, etc.)
Details of Branch -> Action button on the right side -> Configuration guide

Step 4

Go to Policy & Object and Open Addresses -> Create new -> Address

Step 5

You have to create two Addresses profiles
  • Local
  • Remote
Local
  • Type - Subnet
  • IP/Netmask -Subnet of Local network of FortiGate and mask
  • Interface - Optional
Remote
  • Type - Subnet
  • IP/Netmask - Subnet IP of GoodAccess gateway and mask
  • Interface - Optional

Step 6

Go to VPN -> IPsec Tunnels and Create New - IPsec Tunnel

Step 7

Select Custom and continue.

Step 8

It is necessary to set up all following options

Network

  • Remote Gateway - Static IP Address
  • IP Address - GoodAccess gateway IP
  • Interface - WAN (It depends on your site)
  • NAT Traversal - Optional
  • Deed Peer Detection - On Demand
  • Rest as you can see

Authentication

Method - Pre-shared Key
Pre-shared Key - Your password (the same like you set in GoodAccess; Step 2)
IKE Version - 2

Phase 1

It is necessary to use the same settings like in GoodAccess

Phase 2

It is necessary to use the same settings like in GoodAccess
  • Local Address - Address profile you've created in Step 5
  • Remote Address - Address profile you've created in Step 5
  • Rest must the same like configuration in GoodAccess - Step 2

Step 9

Go to Network -> Static Routes -> Create new

Step 10

Destination - Subnet and populate GoodAccess gateway subnet IP + mask

Step 11

Go to Policy & Objects -> Firewall Policy -> Create New
  • Incoming Interface - IPsec Tunel
  • Outgoing Interface - LAN (It depends to your site)
  • Source - Remote Address profile
  • Destination - Local Address profile
  • Schedule and Service - It is up to you
  • Action - Enabled
  • Inspection Mode - Flow-based
It is necessary to create this Policy for two times. One as you see and one with switched Interfaces and Source/Destination.
Previous
Cisco
Next
pfSense
Last modified 5mo ago
Copy link
Outline
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
Step 8
Network
Authentication
Phase 1
Phase 2
Step 9
Step 10
Step 11