Comment on page
FortiGate
This guide will show you how to connect your FortiGate device to the GoodAccess Gateway via a site-to-site connection using the IPsec protocol.
Click + Add new, enter the Branch name and subnet, and select Gateway.
Choose IPSec Protocol, fill out the Settings configuration form, and click Save.
You may return to the configuration via the Edit button of your Branch at any time.
Log in to your FortiGate device, and go to Policy & Objects > Addresses. Click Create New and select Address.
Give the address a name and set the configuration as follows:
You have to create two Addresses - local and remote.
Creating a new address
- Type - Subnet
- IP/Netmask - Subnet of FortiGate's local network and mask (e.g. 131.31.231.0/255.255.255.0)
- Interface - Optional
Creating a local address
Click OK to confirm your settings.
- Type - Subnet
- IP/Netmask - Subnet of your GoodAccess Gateway and mask (e.g. 124.24.0.0/255.255.252.0)
- Interface - Optional
Creating a remote address
Click OK to confirm your settings.
Go to VPN > IPsec Tunnels. Click Create New and select IPSec Tunnel.
Give the tunnel a name, select Custom, and click Next.
Edit all the sections as follows:
Creating a new IPSec tunnel
Naming a new IPSec tunnel
Setting up a new IPSec tunnel
- Remote Gateway - Static IP Address
- IP Address - IP of your GoodAccess Gateway
- Interface - WAN (depends on your site)
- NAT Traversal - Optional
- Deed Peer Detection - Optional
- Advanced:
- 1.Add route - Enabled
- 2.Auto discovery sender - Disabled
- 3.Auto discovery receiver - Disabled
- 4.Exchange interface IP - Disabled
- 5.Device creation - Enabled
Setting up the network section of a IPSec tunnel
Method - Pre-shared Key
IKE Version - 2
Setting up the authentication section of a IPSec tunnel
Setting up the Phase I section of a IPSec tunnel
Setting up the Phase II section of a IPSec tunnel
Click OK to confirm your settings.
Go to Network > Static Routes and click Create New.
Set the Destination as Subnet and enter the subnet of your GoodAccess Gateway and mask (e.g. 124.24.0.0/255.255.252.0).
Click OK to confirm your settings.
Creating a new static route
Setting up the new static route
Go to Policy & Objects > Firewall Policy and click Create New.
Give the policy a name and set the configuration as follows:
- Incoming Interface - IPSec Tunnel
- Outgoing Interface - LAN (depends on your site)
- Schedule and Service - Optional
- Action - ACCEPT
- Inspection Mode - Flow-based
Click OK to confirm your settings.
Creating a new firewall policy
You have now successfully connected your device to GoodAccess.
You may check the status of the connection in:
- GoodAccess - Control Panel > Clouds & Branches > Edit button > Test connection
- FortiGate - Monitor > IPSec Monitor
Last modified 4mo ago