FortiGate Lab – BGP over IPSec (VTI) – Web Gui Configuration
This lab summarizes the steps to configure BGP over IPSec on FortiGate firewalls using the Custom VPN Creation Wizard.
The Custom VPN creation wizard is the most commonly used VPN wizard when you are creating a tunnel between a FortiGate and another vendor's device. You can easily convert a tunnel created from the FortiGate or Cisco VPN template to a custom tunnel from the Web GUI.
Diagram
Start Azure Fortigate Test Drive Environment
1 Go to https://azuremarketplace.microsoft.com/en-us/marketplace/apps/fortinet.fortinet-fortigate?ocid=FortiGate_202105_landingpage_en-us or https://www.fortigate-azure.com/. Choose a Test Drive, sign in and agree to the terms of use.
2 After the system completes provisioning, you will get a page telling you that your Test Drive is ready. The Test Drive lab lasts three hours.
Once you complete the form, your Test Drive will start deploying. In addition to the webpage information, in a few minutes you will also get an email notification that the environment is ready. Just follow instructions in the webpage or in the email, and you will be able to access a fully provisioned and ready to use environment.
3 If you have not completed the Test Drive use case after three hours, you can repeat the Test Drive to try again.
4 When the Test Drive is ready, click on the FortiGate link to open the GUI.
- username: ftnt-testdrive
- password: Fortinet@123
Create IPSec VPN Using Custom VPN Wizard
1 VPN Creation Wizard - Choose custom
Pre-shared Key & IKE v1 Main Mode & Phase 1 Proposal
Phase 2 Proposal
2 Complete VPN Configuration on both sides.
3 Create bi-directional Firewall Policy rules
On the NetSec site, I have to enable NAT on the rule that allows tunnel traffic to the LAN, as shown below.
4 Create static route
5 Test from Test site to Netsec site
C:/Users/netsec>tracert 10.254.0.9
Tracing route to 10.254.0.9 over a maximum of 30 hops
  1     1 ms    <1 ms    <1 ms  10.1.1.4
  2     *        *        *     Request timed out.
  3     8 ms     7 ms     7 ms  10.254.0.9

PS C:/Users/netsec> Test-NetConnection -ComputerName 10.254.0.9 -Port 22
ComputerName     : 10.254.0.9
RemoteAddress    : 10.254.0.9
RemotePort       : 22
InterfaceAlias   : Ethernet
SourceAddress    : 10.1.1.5
TcpTestSucceeded : True

The traffic log can be found on the Log & Report - Forward Traffic page.
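Wizard steps 1 to 4 expressed as FortiOS CLI for the NetSec-side unit, as an added example that is not taken from the original lab. The tunnel name, interface names (port1, port2), peer address 203.0.113.10, proposals, DH group and the 10.1.1.0/24 prefix for the Test-site LAN are assumptions; substitute the values from your own wizard screens.

```fortios
# Constructed example: every name, address and proposal below is a placeholder.
# Step 1: Phase 1 with pre-shared key, IKEv1 main mode
config vpn ipsec phase1-interface
    edit "to-test"
        set interface "port1"
        set ike-version 1
        set mode main
        set peertype any
        set proposal aes256-sha256
        set dhgrp 14
        set remote-gw 203.0.113.10
        set psksecret <pre-shared-key>
    next
end
# Step 1 (continued): Phase 2 bound to the Phase 1 tunnel interface
config vpn ipsec phase2-interface
    edit "to-test"
        set phase1name "to-test"
        set proposal aes256-sha256
        set dhgrp 14
    next
end
# Step 3: bi-directional policies; NAT is enabled only on tunnel-to-LAN
config firewall policy
    edit 0
        set name "lan-to-test"
        set srcintf "port2"
        set dstintf "to-test"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 0
        set name "test-to-lan"
        set srcintf "to-test"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```

Step 4 is a `config router static` entry whose `dst` is the remote LAN prefix (10.1.1.0 255.255.255.0 under the assumption above) and whose `device` is the tunnel interface "to-test".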
Enable BGP
Troubleshooting & Diag
Videos