
VPN Config vShield Edge to Fortigate

vShield Edge and VPN with Fortigate

The VPN configuration between vShield Edge and Fortigate is not documented anywhere; you can find all of it in this article ….

Go to the vShield configuration as follows: Administration -> Open vDC -> Edge Gateway -> right-click the relevant edge device -> Edge Gateway Services

The screenshot below was taken from an already configured edge, but first you have to enable VPN; it is a checkbox on the left side.
Quick note: if the edge device is not directly connected to the internet, sits behind other networks, and its outside IP is private, click the Configure Public IPs section and create a NAT so that the edge can be reached for the VPN …
Before you start, be careful to enter everything correctly: after you submit the configuration you cannot edit it, you have to delete it and re-enter everything.

Click “Add” to create a new VPN configuration. For the full phase 1 and phase 2 default settings, check this article. vCloud Director does not show the full configuration the way a traditional firewall does.

Part 1

Name and Description: give a name and description that indicate who the VPN is with, or which sites it connects.
Establish VPN to: I imagine you will build the VPN to a remote network that is not in your provider's vCloud island, so select a remote network.
Choose which internal network will interact with the remote network.
Peer Network: the remote network block. A single IP address cannot be set here; it looks like vShield does not support it, I will provide the details later … Use the form xxx.yyy.zz.ttt/24 or xxx.yyy.zz.ttt/29 and so on ….
Local Endpoint: leave the default or choose the desired one.
Local ID: you can set anything here, but I generally set the outside IP address of my edge gateway. It could also be a hostname or whatever the firewall uses as its identifier.
Peer ID: you can set anything here, but I generally set the outside IP address of my remote firewall. Again, it could be a hostname or whatever identifier the firewall uses.

Part 2

Peer IP: very important, it must be exactly the outside IP address of the remote firewall you are establishing the VPN with.
Encryption Protocol: choose the one agreed with the remote site.
Shared Key: something like 123451234512345123451234512345aA
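Because the form cannot be edited after submit, it is worth checking the Part 1 and Part 2 values before entering them. The following Python checker is an added example, not part of the original post: the sample values are constructed documentation addresses, and the shared-key rule (at least 32 alphanumeric characters, the length of the example key above) is an assumption.

```python
import ipaddress
import re

# Constructed sample of the Part 1 / Part 2 fields; RFC 5737 documentation
# addresses, not the author's real values.
SAMPLE_FORM = {
    "local_network": "192.0.2.0/24",     # internal network chosen in Part 1
    "peer_network": "198.51.100.0/24",   # remote block; a single host is rejected
    "local_endpoint": "203.0.113.10",    # edge gateway outside IP
    "local_id": "203.0.113.10",          # author's habit: edge outside IP
    "peer_id": "203.0.113.20",           # author's habit: Fortigate outside IP
    "peer_ip": "203.0.113.20",           # must be exactly the Fortigate outside IP
    "shared_key": "123451234512345123451234512345aA",
}

def _network(value, field, problems):
    """Parse a CIDR block, recording a problem instead of raising."""
    try:
        net = ipaddress.ip_network(value, strict=True)  # rejects host bits / stray dots
    except ValueError as exc:
        problems.append(f"{field}: {exc}")
        return None
    if net.prefixlen == net.max_prefixlen:
        problems.append(f"{field}: single host not supported, use a block such as /24 or /29")
    return net

def validate_vpn_form(form):
    """Return a list of problems; an empty list means the form is safe to submit."""
    problems = []
    local_net = _network(form["local_network"], "local_network", problems)
    peer_net = _network(form["peer_network"], "peer_network", problems)
    if local_net is not None and peer_net is not None and local_net.overlaps(peer_net):
        problems.append("local_network and peer_network overlap")

    # Local Endpoint and Peer IP must be plain addresses, not hostnames or blocks.
    for field in ("local_endpoint", "peer_ip"):
        try:
            ipaddress.ip_address(form[field])
        except ValueError:
            problems.append(f"{field}: must be an IP address, not a hostname or network")

    # With IDs set to outside IPs, a swapped local/peer pair is the usual copy-paste slip.
    if form["local_id"] == form["peer_ip"] and form["peer_id"] == form["local_endpoint"]:
        problems.append("local_id/peer_id look swapped relative to local_endpoint/peer_ip")

    # Assumed key policy: at least as long as the post's 32-character alphanumeric example.
    if not re.fullmatch(r"[A-Za-z0-9]{32,}", form["shared_key"]):
        problems.append("shared_key: expected at least 32 alphanumeric characters")
    return problems
```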

If everything is okay, you should see a check mark on the first screen, the one where you enabled VPN.
vCloud Director is generally slow to update: wait a little, within about 5 minutes everything starts to show correctly, so do not worry if the status does not appear correct right away.

For vCloud Director providers: for debugging, logs and anything else of that kind, use vShield Manager.

For customers: use syslog, but it looks like some debug output needs a syslog anyway, and the vCloud Director GUI is still not comfortable; for example, if you want to change something you need to delete the whole config and re-enter everything 😀

A good feature: you get a notification when the VPN tunnel goes up or down; the mail looks like the one below.

You also get a down message like the one above, and the error message is visible in the vCloud Director GUI as well.

One last thing about the configuration:

After finishing the VPN config there is one more step: in the firewall section, create a rule that allows the remote site to access your network over the VPN, like below …

Fortigate side screenshots are below … I'm not explaining them; the Forti guys should have the knowledge already. If there is something you need to learn, please leave me a comment or send a mail / tweet via the About page …