
Basic Firewall Configuration - Fortigate To Mikrotik Ipsec VPN

This document provides configuration steps to create an IPsec VPN tunnel between a FortiGate firewall and MikroTik device. It outlines the network diagram, phase 1 and phase 2 configurations on the FortiGate including pre-shared key, firewall policies and static route to allow communication between the 10.0.1.0/24 and 10.0.2.0/24 networks across the VPN tunnel. It also describes basic phase 1, phase 2 and DH group configurations required on the MikroTik side and confirms establishment of the VPN connection.

Basic Firewall Configuration – FortiGate to MikroTik IPsec VPN


Purpose of this document
Configuration steps to create an IPsec VPN tunnel between a FortiGate firewall and a MikroTik device.

Devices used in this configuration


- FortiGate VM version 5.2.1
- MikroTik VM version 5.20

Network Diagram
[Diagram: FortiGate (10.200.1.1/24, LAN 10.0.1.0/24) connected across the WWW to MikroTik (10.200.3.1/24, LAN 10.0.2.0/24)]

FortiGate Configuration
Phase 1 Configuration
config vpn ipsec phase1-interface
    edit "Mikrotik"
        set interface "port1"
        set proposal 3des-sha1
        set dhgrp 2
        set remote-gw 10.200.3.1
        set psksecret <PSK>
    next
end

Phase 2 Configuration
config vpn ipsec phase2-interface
    edit "Private IP"
        set phase1name "Mikrotik"
        set proposal 3des-sha1
        set dhgrp 2
        set keylifeseconds 1800
        set src-subnet 10.0.1.0 255.255.255.0
        set dst-subnet 10.0.2.0 255.255.255.0
    next
end

Firewall Policies
LAN to Remote

config firewall policy
    edit 1
        set srcintf "port3"
        set dstintf "Mikrotik"
        set srcaddr "10.0.1.0/24"
        set dstaddr "10.0.2.0/24"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end

Remote to LAN

config firewall policy
    edit 2
        set srcintf "Mikrotik"
        set dstintf "port3"
        set srcaddr "10.0.2.0/24"
        set dstaddr "10.0.1.0/24"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end

Static Route
config router static
    edit 1
        set dst 10.0.2.0 255.255.255.0
        set device "Mikrotik"
    next
end
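
An added example, not part of the original document: a small Python lint that parses FortiOS-style config/edit/set blocks and flags the legacy proposal and DH group used in the phase 1 and phase 2 settings above, plus any malformed selector subnet. The sample input is constructed from the page's settings with a deliberately mistyped mask, and the weak-algorithm lists are this example's assumed policy, not a FortiOS feature.

```python
import ipaddress
import shlex

# Constructed sample based on the page's settings, with a deliberately mistyped mask.
SAMPLE = """
config vpn ipsec phase1-interface
    edit "Mikrotik"
        set proposal 3des-sha1
        set dhgrp 2
    next
end
config vpn ipsec phase2-interface
    edit "Private IP"
        set dhgrp 2
        set src-subnet 10.0.1.0 255.255.255.0
        set dst-subnet 10.0.2.0 255.2555.255.0
    next
end
"""

WEAK_ALGS = {"des", "3des", "md5", "sha1"}  # assumed policy: legacy algorithms
WEAK_DH = {"1", "2", "5"}                   # assumed policy: MODP groups <= 1536 bits

def parse(text):
    """Return {section: {entry: {key: [values]}}} from config/edit/set lines."""
    cfg, section, entry = {}, None, None
    for tok in map(shlex.split, text.splitlines()):
        if tok[:1] == ["config"]:
            section = cfg.setdefault(" ".join(tok[1:]), {})
        elif tok[:1] == ["edit"]:
            entry = section.setdefault(tok[1], {})
        elif tok[:1] == ["set"]:
            entry[tok[1]] = tok[2:]
    return cfg

def audit(text):
    """Return findings for weak crypto settings and malformed subnets."""
    out = []
    for section, entries in parse(text).items():
        for name, kv in entries.items():
            where = f"{section.split()[-1]} {name!r}"
            bad = [f"proposal {p}" for p in kv.get("proposal", []) if WEAK_ALGS & set(p.split("-"))]
            bad += [f"dhgrp {g}" for g in kv.get("dhgrp", []) if g in WEAK_DH]
            out += [f"{where}: weak {b}" for b in bad]
            for key in ("src-subnet", "dst-subnet"):
                try:
                    ipaddress.ip_network("/".join(kv.get(key, ["0.0.0.0/0"])))
                except ValueError:
                    out.append(f"{where}: invalid {key} {' '.join(kv[key])}")
    return out
```

Calling audit(SAMPLE) returns one finding per weak proposal, weak DH group and invalid subnet, so it can run against an exported configuration before the tunnel is brought up.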

Confirmation of VPN Status


MikroTik Configuration
Phase 1

Phase 2
DH selection - Proposal

MikroTik DH Groups (PFS Group)

Confirmation of VPN Status
