Hello there,

As you may know nowadays Fortigate has become one of the Next Generation (NG) Firewall solution, sitting down together with Palo Alto and even Checkpoint which is most expensive device. But, fortunately Fortigate comes with very friendly cost for selected version and that’s the reason i choose this product as most of my clients are small medium business with “limited” budget 🙂

So, this task had been becoming one of  my project before i started with many things with Fortigate product. But it was very painful time and limited resource during the troubleshooting stage (I put also the tshoot session here) since i called neither nobody from my expert team nor getting technical support from Fortigate itself. At the end I finally configured this task and accomplished the project.

Off to the topic.

First thing first. Before going further there are several things that you have to bear in mind:

  1. IPSEC does not support L2 VPN (bridging), which mean you cannot extend your current network within two or more VPN sites
  2. Ensure you are using separated network topology between main and remote site
  3. Even it is possible to have same subnet between sites by leveraging NAT feature but i wont recommend it as it might lead into confusion in the future for your network design
  4. No matter what kind of algorithm and pre-shared key you choose as long as they are match against each other then you will have them connected
  5. Find any log if you encountered any issue during VPN setup

What i used for setup this VPN as follows;

  1. Fortigate F60E with firmware v5.4.9 (main site)
  2. RB951 with OS 6.40 (remote site)
  3. Both of them directly connected using IP public

*If your router behind the modem therefore you may to create port forward UDP 500 & UDP 4500 respectively.

Make sure all traffic to internet has been setup correctly and end devices could able to connect to internet.

As an example we would use following subnet;

192.168.0.0/24 (main site)

192.168.40.0/24 (remote site)

So, we will setup VPN on next post.

Keep visiting my blog.