Introduction
I am going to show you, step by step, how to configure a site-to-site VPN between a FortiGate firewall and Microsoft Azure. The following steps describe how to configure the tunnel:
- Creating the Microsoft Azure virtual network
- Creating the Microsoft Azure virtual network gateway
- Creating the Microsoft Azure Local network gateway
- Creating the VPN Connection
- Configuring the FortiGate tunnel
- Creating the FortiGate firewall addresses
- Creating the FortiGate firewall policies
- Connectivity Test
Create the Virtual Networks
Step 1: Let’s go to the Microsoft Azure portal. Search for Virtual Network and click on the search result Virtual Networks.
Step 2: Click on the Create button on the Virtual Networks page.
Step 3: On the Create virtual network page, select the Basics tab and then provide the following details.
- Subscription: Select your active subscription.
- Resource group: Select an existing resource group or create a new one.
- Name: We have to provide a meaningful name for the virtual network.
- Region: Select the nearest Region.
Once you have filled these in, click on the Next: IP Addresses button to move to the IP Addresses tab.
Step 4: In this step we need to provide the virtual network address space, specified as one or more address prefixes in CIDR notation, for example 10.0.0.0/24.
Add subnet: the subnet's address range in CIDR notation, for example 10.0.0.0/24. It must be contained within the address space of the virtual network.
Step 5: Azure now validates the data you entered and shows “Validation passed”. Finally, click on the Create button to create the virtual network.
Step 6: In this step it will show “Your deployment is complete”. Then click on the Go to resource button to open the virtual network.
Create the Virtual Network Gateway
Step 7: Go back to the Microsoft Azure portal. Search for Virtual network gateway and click on the search result Virtual network gateways.
Step 8: On the Virtual network gateways page, click Create.
Step 9: On the Create virtual network gateway page, select the Basics tab and then provide the following details.
- Name: We have to provide a name that matches the name of our new virtual network.
- Gateway type: Select VPN.
- VPN type: Select Route-based VPN.
- SKU: Select Basic, as it fits the requirements of most SMBs (small and medium-sized businesses).
- Virtual network: Choose the Virtual Network that we created.
- Public IP address: Create a new public IP address, give it a meaningful name.
Click on Review + create. (Creating the virtual network gateway takes some time to complete.)
Step 10: Azure now validates the data you entered and shows “Validation passed”. Finally, click on the Create button to create the virtual network gateway.
Step 11: In this step it will show “Your deployment is complete”.
Create the Local Network Gateway
We now create another object to represent our (Newhelptech Datacenter) on-premises network, so that Microsoft Azure knows where our site is and what is behind our (Newhelptech Datacenter) firewall.
Step 12: Go back to the Microsoft Azure portal. Search for Local network gateway and click on the search result Local network gateways.
Step 13: Click on the Create button on the Local network gateways page.
Step 14: In this step, create a local network gateway that represents our (NewHelptech Datacenter) on-premises firewall.
Step 15: Azure now validates the data you entered and shows “Validation passed”. Finally, click on the Create button.
Step 16: In this step it will show “Your deployment is complete”.
Create a Site-to-Site VPN between Azure and FortiGate
Step 16: Open the Virtual network gateways page, click on the Connections tab and then click on the Add button. Provide the following details:
- Name: Provide a name related to the Azure Virtual network that you are creating.
- Connection type: From the drop-down, select Site-to-Site (IPSec).
- Local network gateway: Select the Local network gateway that we created.
- Shared key (PSK): Provide a complex string and store it securely. You must enter the same key on your on-premises (Newhelptech Datacenter) firewall.
After entering these details, click on the OK button.
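The Azure side of Steps 1 to 16 can also be driven from the Azure CLI. The script below is an added example and is not part of the original article; the resource names, region, the 10.1.0.0/16 address space, the GatewaySubnet range (a subnet named GatewaySubnet is required by the VPN gateway; the portal asks for it during gateway creation) and the placeholder on-premises public IP are assumptions, while the 10.1.0.0/24 backend subnet and the 192.168.2.0/24 LAN are the article's values. It uses the VpnGw1 SKU with a Standard static public IP rather than the portal's Basic SKU. Before calling az it checks the Step 4 rule that each subnet lies inside the address space, and that the shared key is not trivially weak; with DRY_RUN=1 it prints the commands instead of running them.

```shell
#!/usr/bin/env bash
# Added example, not the article's own procedure: the Azure side of Steps 1-16
# driven by the Azure CLI. Names, region and ranges below are assumptions,
# except the 10.1.0.0/24 backend subnet and 192.168.2.0/24 LAN from the article.
set -eu

RG="${RG:-rg-s2s-demo}"                              # resource group (assumed)
LOCATION="${LOCATION:-westeurope}"                   # region (assumed)
VNET="vnet-azure"                                    # virtual network name (assumed)
VNET_SPACE="10.1.0.0/16"                             # address space (assumed; must contain the subnets)
BACKEND_SUBNET="10.1.0.0/24"                         # Azure backend subnet (from the article)
GW_SUBNET="10.1.255.0/27"                            # GatewaySubnet, required by the VPN gateway (assumed)
VNG="vng-azure"                                      # virtual network gateway (assumed)
LNG="lng-newhelptech"                                # local network gateway (assumed)
ONPREM_PUBLIC_IP="${ONPREM_PUBLIC_IP:-203.0.113.10}" # FortiGate WAN IP (placeholder, RFC 5737 range)
ONPREM_LAN="192.168.2.0/24"                          # FortiGate LAN subnet (from the article)
CONN="conn-azure-fortigate"                          # connection name (assumed)
PSK="${PSK:-}"                                       # shared key; supply it via the environment

# run: execute a command, or only print it when DRY_RUN=1.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# ip4_to_int: dotted quad -> 32-bit integer.
ip4_to_int() {
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_contains OUTER INNER: succeed when INNER lies entirely inside OUTER
# (the Step 4 rule that a subnet must sit within the VNet address space).
cidr_contains() {
  local outer_ip="${1%/*}" outer_len="${1#*/}" inner_ip="${2%/*}" inner_len="${2#*/}"
  [ "$inner_len" -ge "$outer_len" ] || return 1
  local mask=$(( (0xFFFFFFFF << (32 - outer_len)) & 0xFFFFFFFF ))
  [ $(( $(ip4_to_int "$outer_ip") & mask )) -eq $(( $(ip4_to_int "$inner_ip") & mask )) ]
}

# psk_ok KEY: Azure accepts a 1-128 character printable-ASCII key; this script
# additionally insists on 20+ characters with upper, lower and digit (assumed policy).
psk_ok() {
  local k="$1"
  [ "${#k}" -ge 20 ] && [ "${#k}" -le 128 ] || return 1
  case "$k" in *[A-Z]*) ;; *) return 1 ;; esac
  case "$k" in *[a-z]*) ;; *) return 1 ;; esac
  case "$k" in *[0-9]*) ;; *) return 1 ;; esac
}

deploy() {
  cidr_contains "$VNET_SPACE" "$BACKEND_SUBNET" || { echo "backend subnet is outside $VNET_SPACE" >&2; return 1; }
  cidr_contains "$VNET_SPACE" "$GW_SUBNET"      || { echo "GatewaySubnet is outside $VNET_SPACE" >&2; return 1; }
  psk_ok "$PSK" || { echo "PSK rejected: need 20-128 chars with upper, lower and digit" >&2; return 1; }

  # Steps 1-6: the virtual network with the backend subnet, plus the GatewaySubnet.
  run az network vnet create -g "$RG" -l "$LOCATION" -n "$VNET" \
      --address-prefixes "$VNET_SPACE" --subnet-name backend --subnet-prefixes "$BACKEND_SUBNET"
  run az network vnet subnet create -g "$RG" --vnet-name "$VNET" -n GatewaySubnet \
      --address-prefixes "$GW_SUBNET"

  # Steps 7-11: a route-based VPN gateway behind a new static public IP.
  run az network public-ip create -g "$RG" -l "$LOCATION" -n "pip-$VNG" --sku Standard --allocation-method Static
  run az network vnet-gateway create -g "$RG" -l "$LOCATION" -n "$VNG" --vnet "$VNET" \
      --public-ip-addresses "pip-$VNG" --gateway-type Vpn --vpn-type RouteBased --sku VpnGw1

  # Steps 12-16: the local network gateway describing the FortiGate side.
  run az network local-gateway create -g "$RG" -l "$LOCATION" -n "$LNG" \
      --gateway-ip-address "$ONPREM_PUBLIC_IP" --local-address-prefixes "$ONPREM_LAN"

  # Step 16 (connection): site-to-site IPsec with the shared key.
  run az network vpn-connection create -g "$RG" -l "$LOCATION" -n "$CONN" \
      --vnet-gateway1 "$VNG" --local-gateway2 "$LNG" --shared-key "$PSK"
}

# Values needed later: the gateway public IP for the FortiGate's "Remote IP address"
# (Step 18) and the status Azure reports for the connection (Step 22).
gateway_public_ip() { run az network public-ip show -g "$RG" -n "pip-$VNG" --query ipAddress -o tsv; }
connection_status() { run az network vpn-connection show -g "$RG" -n "$CONN" --query connectionStatus -o tsv; }
```

Run it as `PSK='...' ./azure-s2s.sh` after sourcing and calling `deploy`, or with `DRY_RUN=1` first to review the exact commands. `connection_status` reports "Connected" only after the FortiGate side has been configured and the tunnel has come up, which is the CLI equivalent of the IPsec Monitor check later in the article.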
On-Prem FortiGate Firewall (Newhelptech Datacenter) configuration
Step 17: To create the VPN tunnel, go to the VPN tab, select IPsec Tunnels and then click on Create New.
Step 18: The VPN Creation Wizard appears; fill in the following configuration information.
- Remote IP address: the public IP address of the Azure virtual network gateway (104.208.74.7)
- Outgoing interface: port4 (WAN)
- Authentication method: Pre-shared key (the key from the Azure connection)
Click on Next.
Step 19: The Policy & Routing page of the wizard appears; fill in the following configuration information.
- Local interface: port1 (select the interface connected to our LAN)
- Local address: select Subnet and enter the FortiGate's LAN subnet, 192.168.2.0/24.
- Remote address (Azure): select Subnet and enter the Azure backend subnet, 10.1.0.0/24.
Click on Create.
Step 20: The site-to-site VPN has now been created on the FortiGate firewall.
Step 21: See the screenshots below for reference on the parameters configured for the FortiGate site-to-site VPN between the NewHelpTech Datacenter and Azure.
Step 22: On the NewHelpTech Datacenter FortiGate, we can check whether the VPN connection to Azure has come up by going to Monitor and then clicking on IPsec Monitor.
We will see that the VPN connection has been established and that there is incoming and outgoing data traffic.
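The wizard in Steps 17 to 19 generates a phase 1 and phase 2 definition, two address objects, a static route and a pair of firewall policies. The script below is an added example, not the article's screenshots or Fortinet's own tooling: it prints the FortiOS CLI equivalent of those wizard settings so the result can be reviewed (and kept under version control without the key) before being pasted into the FortiGate console. The interfaces, subnets and the Azure gateway IP 104.208.74.7 are the article's values; the tunnel name, the wizard-style address-object names, and the AES256/SHA256 with DH group 14 and PFS choices are assumptions that must match the IKE/IPsec policy of the Azure gateway, so adjust them if the Azure side reports a proposal mismatch.

```shell
#!/usr/bin/env bash
# Added example, not from the article: emit the FortiOS CLI equivalent of the
# wizard settings in Steps 17-19. Tunnel/address names and the crypto proposal
# are assumptions; interfaces, subnets and the Azure gateway IP are the article's.
set -eu

TUNNEL="Azure-S2S"            # phase1/phase2 name (assumed)
WAN_IF="port4"                # outgoing interface (Step 18)
LAN_IF="port1"                # local interface (Step 19)
LAN_SUBNET="192.168.2.0/24"   # local address (Step 19)
AZURE_SUBNET="10.1.0.0/24"    # remote address (Step 19)

# prefix_to_mask LEN: /24 -> 255.255.255.0 (the FortiOS CLI wants dotted masks).
prefix_to_mask() {
  local m=$(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
  echo "$(( m >> 24 & 255 )).$(( m >> 16 & 255 )).$(( m >> 8 & 255 )).$(( m & 255 ))"
}

# fortigate_config AZURE_GW_IP PSK: print the configuration to stdout.
fortigate_config() {
  local remote_gw="$1" psk="$2"
  local lan_ip="${LAN_SUBNET%/*}" az_ip="${AZURE_SUBNET%/*}" lan_mask az_mask
  lan_mask=$(prefix_to_mask "${LAN_SUBNET#*/}")
  az_mask=$(prefix_to_mask "${AZURE_SUBNET#*/}")
  cat <<EOF
config vpn ipsec phase1-interface
    edit "$TUNNEL"
        set interface "$WAN_IF"
        set ike-version 2
        set peertype any
        set net-device disable
        set proposal aes256-sha256
        set dhgrp 14
        set remote-gw $remote_gw
        set psksecret $psk
    next
end
config vpn ipsec phase2-interface
    edit "$TUNNEL"
        set phase1name "$TUNNEL"
        set proposal aes256-sha256
        set pfs enable
        set dhgrp 14
        set keylifeseconds 27000
        set src-subnet $lan_ip $lan_mask
        set dst-subnet $az_ip $az_mask
    next
end
config firewall address
    edit "${TUNNEL}_local"
        set subnet $lan_ip $lan_mask
    next
    edit "${TUNNEL}_remote"
        set subnet $az_ip $az_mask
    next
end
config router static
    edit 0
        set dst $az_ip $az_mask
        set device "$TUNNEL"
    next
end
config firewall policy
    edit 0
        set name "LAN-to-Azure"
        set srcintf "$LAN_IF"
        set dstintf "$TUNNEL"
        set srcaddr "${TUNNEL}_local"
        set dstaddr "${TUNNEL}_remote"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 0
        set name "Azure-to-LAN"
        set srcintf "$TUNNEL"
        set dstintf "$LAN_IF"
        set srcaddr "${TUNNEL}_remote"
        set dstaddr "${TUNNEL}_local"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
EOF
}
```

Generate the configuration with `fortigate_config 104.208.74.7 "$PSK"`, where the key is the one entered for the Azure connection. The two policies allow all services in both directions, which is what the wizard produces; narrowing `service` to what the Azure VM actually needs is the first hardening step once the connectivity test passes.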
Connectivity Test
We have established the connection. Let us ping from the NewHelpTech Datacenter to the Azure VM 10.1.0.4.
I would greatly appreciate it if you kindly give some feedback on my articles. It will be a booster 🤝
Happy New Year 2022