Chapter 10. Cloud Technologies
10.6 Site-to-Site VPN between FortiGate on Premise and FortiGate in the AWS
Learning Objectives
- Configure a VPN Wizard in AWS
- Configure site-to-site VPN between FortiGate on premise and AWS
- Identify FortiGate subnets in AWS
Scenario: In this lab, we are going to create a site-to-site VPN from FortiGate on premise to FortiGate in the AWS. Knowing the configuration of section 10.5 is necessary for this lab. Port1 FortiGate on premise is set as a DHCP, so it will receive an IP address from Cloud.
On-Premise FortiGate Configuration
| Device | Interface | IP address |
|---|---|---|
| FortiGate | Port 1 | DHCP Client |
| Port 2 | 192.168.10.1/24 | – |
| WebTerm | Eth0 | 192.168.10.2/24 |
- Configure the interfaces of the firewall. Port2 by default is an internal interface and named “LAN” and Port1 is an external interface and named “WAN”.
- Create a site-to-site VPN from IPsec Wizard as Figures 10.156 to 10.158.
- Create a static route to the default gateway.
AWS Configuration
- Create a FortiGate firewall in AWS and configure the interfaces. You need to do all steps in section 10.5.
- Create a VPN from IPsec Wizard as Figures 10.160 to 10.162.
- Create static routes on FortiGate. We are going to create two static routes as follows:
- Go to VPN > IPsec Tunnels and check status of the tunnel.
- You should be able to ping from WebTerm to Virtual Machine on AWS and vice versa.