As we discussed in many articles before, sometimes we need to establish a site-to-site VPN between your local environment and your Azure infrastructure, for example when you extend your AD or SQL to Azure.
In the Setup Site to Azure VPN article we discussed before, we explained how to prepare the Azure side so it is ready to connect with your local environment over a VPN connection.
In this article we will discuss how to set up your FortiGate firewall to connect with the Azure gateway and establish the VPN connection.
1- FortiGate firewall with FortiOS version 5.2 or later.
2- Good knowledge of FortiGate firewall devices.
Let’s begin the implementation part:
Below is the diagram of the connection between your local firewall and azure:
Log in to your firewall's web interface, then go to VPN > IPsec > Wizard and select Custom VPN Tunnel:
Enter the desired parameters. Set the Remote Gateway IP Address (the public IP address of the Azure gateway). Set the Local Interface to wan1. Under Authentication, enter the Pre-shared Key provided by Microsoft Azure; you can learn how to obtain the shared key in this article:
Select your LAN interface, the local subnet (your LAN subnet) and the remote subnet (the Azure subnet):
After you click Create, the VPN tunnel is created. Go to VPN > IPsec Tunnels > Azure VPN and click Edit.
At the top of the tunnel page you will find the option Custom (Static IP Address). Click it and you will see the parameters below; set them exactly as shown:
After editing Phase 1 and Phase 2, two policies are created automatically.
Go to Policy & Objects > IPv4 and you will find two policies: one allowing traffic from Azure to the LAN and one from the LAN to Azure:
Finally, go to VPN > Monitor > IPsec Monitor. Right-click the tunnel you created and select Bring Up to activate the tunnel.
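As an added example (not from the original post, and not the wizard's own output), here is the same tunnel, static route and policy pair expressed in the FortiOS CLI; the `#` comments are explanatory only and not CLI syntax. The gateway IP, subnets, interface names, the pre-shared key placeholder and the choice of IKEv2 with AES256/SHA256 are assumptions, so substitute the values from your own Azure connection.

```text
config vpn ipsec phase1-interface
    edit "Azure VPN"                     # tunnel name used in the post
        set interface "wan1"             # Internet-facing interface
        set ike-version 2                # assumption: IKEv2 for an Azure route-based gateway
        set remote-gw 203.0.113.10       # placeholder: Azure VPN gateway public IP
        set psksecret "REPLACE_WITH_AZURE_SHARED_KEY"   # placeholder: key from the Azure connection
        set proposal aes256-sha256       # assumption: must match the Azure side
    next
end
config vpn ipsec phase2-interface
    edit "Azure VPN"
        set phase1name "Azure VPN"
        set src-subnet 192.168.1.0 255.255.255.0   # placeholder: local LAN subnet
        set dst-subnet 10.1.0.0 255.255.0.0        # placeholder: Azure VNet address space
    next
end
config router static
    edit 0
        set dst 10.1.0.0 255.255.0.0     # send Azure-bound traffic into the tunnel
        set device "Azure VPN"
    next
end
config firewall address
    edit "LAN_subnet"
        set subnet 192.168.1.0 255.255.255.0
    next
    edit "Azure_VNet"
        set subnet 10.1.0.0 255.255.0.0
    next
end
config firewall policy
    edit 0                               # LAN -> Azure, limited to the two subnets
        set srcintf "internal"           # assumption: LAN interface name
        set dstintf "Azure VPN"
        set srcaddr "LAN_subnet"
        set dstaddr "Azure_VNet"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 0                               # Azure -> LAN, same subnet scoping
        set srcintf "Azure VPN"
        set dstintf "internal"
        set srcaddr "Azure_VNet"
        set dstaddr "LAN_subnet"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

Scoping both policies to the address objects rather than "all" keeps the tunnel from forwarding traffic outside the two subnets; once the tunnel is up, `diagnose vpn tunnel list` on the CLI shows the negotiated selectors and counters, the CLI counterpart of the IPsec Monitor check in the last step.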
Ahmad Al-Kafaween is a Specialist Network Engineer and publisher at the AzureDummies blog. He also holds many certificates in Cisco routing and switching, Cisco Express Foundation for Field (CXFF) and FortiGate Security.