FortiGate
This guide will show you how to connect your FortiGate device to the GoodAccess Gateway via a site-to-site connection using the IPSec protocol.
Last updated
Was this helpful?
This guide will show you how to connect your FortiGate device to the GoodAccess Gateway via a site-to-site connection using the IPSec protocol.
Last updated
Was this helpful?
Click + Add new, enter the Branch name and subnet, and select Gateway.
Choose IPSec Protocol, fill out the Settings configuration form, and click Save.
Log in to your FortiGate device, and go to Policy & Objects > Addresses. Click Create New and select Address.
Give the address a name and set the configuration as follows:
Type - Subnet
IP/Netmask - Subnet of FortiGate's local network and mask (e.g. 131.31.231.0/255.255.255.0)
Interface - Optional
Click OK to confirm your settings.
Type - Subnet
IP/Netmask - Subnet of your GoodAccess Gateway and mask (e.g. 124.24.0.0/255.255.252.0)
Interface - Optional
Click OK to confirm your settings.
Go to VPN > IPsec Tunnels. Click Create New and select IPSec Tunnel.
Give the tunnel a name, select Custom, and click Next.
Edit all the sections as follows:
Remote Gateway - Static IP Address
IP Address - IP of your GoodAccess Gateway
Interface - WAN (depends on your site)
NAT Traversal - Optional
Deed Peer Detection - Optional
Advanced:
Add route - Enabled
Auto discovery sender - Disabled
Auto discovery receiver - Disabled
Exchange interface IP - Disabled
Device creation - Enabled
Method - Pre-shared Key
IKE Version - 2
Click OK to confirm your settings.
Go to Network > Static Routes and click Create New.
Set the Destination as Subnet and enter the subnet of your GoodAccess Gateway and mask (e.g. 124.24.0.0/255.255.252.0).
Click OK to confirm your settings.
You have now successfully connected your device to GoodAccess.
Firewall rules
Make sure that your device allows incoming connections from your GoodAccess Gateway private subnet on the following ports:
UDP 500
UDP 4500
Pre-shared Key - Shared Secret
Must match configuration from GoodAccess .
Must match configuration from GoodAccess .
Local/Remote Address - Select Named Address, and choose Local/Remote Address