FortiGate

This guide will show you how to connect your FortiGate device to the GoodAccess Gateway via a site-to-site connection using the IPSec protocol.

Last updated 3 months ago

Was this helpful?

This guide will show you how to connect your FortiGate device to the GoodAccess Gateway via a site-to-site connection using the IPSec protocol.

Step 1 - Creating a new branch connection

Click + Add new, enter the Branch name and subnet, and select Gateway.

Choose IPSec Protocol, fill out the Settings configuration form, and click Save.

You may return to the configuration via the Edit button of your Branch at any time.

Example of configuration (Default preset):

Log in to your FortiGate device, and go to Policy & Objects > Addresses. Click Create New and select Address.

Give the address a name and set the configuration as follows:

You have to create two Addresses - local and remote.

Type - Subnet
IP/Netmask - Subnet of FortiGate's local network and mask (e.g. 131.31.231.0/255.255.255.0)
Interface - Optional

Click OK to confirm your settings.

Type - Subnet
IP/Netmask - Subnet of your GoodAccess Gateway and mask (e.g. 124.24.0.0/255.255.252.0)
Interface - Optional

Click OK to confirm your settings.

Go to VPN > IPsec Tunnels. Click Create New and select IPSec Tunnel.

Give the tunnel a name, select Custom, and click Next.

Edit all the sections as follows:

Remote Gateway - Static IP Address
IP Address - IP of your GoodAccess Gateway
Interface - WAN (depends on your site)
NAT Traversal - Optional
Deed Peer Detection - Optional
Advanced:
1. Add route - Enabled
2. Auto discovery sender - Disabled
3. Auto discovery receiver - Disabled
4. Exchange interface IP - Disabled
5. Device creation - Enabled

Method - Pre-shared Key

IKE Version - 2

Click OK to confirm your settings.

Go to Network > Static Routes and click Create New.

Set the Destination as Subnet and enter the subnet of your GoodAccess Gateway and mask (e.g. 124.24.0.0/255.255.252.0).

Click OK to confirm your settings.

You have now successfully connected your device to GoodAccess.

Firewall rules

Make sure that your device allows incoming connections from your GoodAccess Gateway private subnet on the following ports:

You may check the status of the connection in:

Last updated 3 months ago

Was this helpful?