{"id":376,"date":"2022-05-18T18:44:43","date_gmt":"2022-05-18T22:44:43","guid":{"rendered":"https:\/\/opentextbc.ca\/fortigatefirewall\/chapter\/s2s-vpn-fortigate-on-prem-azure\/"},"modified":"2023-08-29T16:28:08","modified_gmt":"2023-08-29T20:28:08","slug":"s2s-vpn-fortigate-on-prem-azure","status":"publish","type":"chapter","link":"https:\/\/opentextbc.ca\/fortigatefirewall\/chapter\/s2s-vpn-fortigate-on-prem-azure\/","title":{"raw":"10.3 Site to Site VPN between FortiGate on Premise and FortiGate in the Azure","rendered":"10.3 Site to Site VPN between FortiGate on Premise and FortiGate in the Azure"},"content":{"raw":"<div class=\"textbox textbox--learning-objectives\"><header class=\"textbox__header\">\n<p class=\"textbox__title\">Learning Objectives<\/p>\n\n<\/header>\n<div class=\"textbox__content\">\n<ul>\n \t<li>Configure a VPN Wizard in Azure<\/li>\n \t<li>Configure site-to-site VPN between FortiGate on premise and Azure<\/li>\n \t<li>Identify FortiGate subnets in Azure<\/li>\n<\/ul>\n<\/div>\n<\/div>\n\n[caption id=\"attachment_365\" align=\"aligncenter\" width=\"1265\"]<img class=\"wp-image-365 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2022\/05\/pastedImage.png\" alt=\"Site to Site VPN between FortiGate on premise and FortiGate in the Azure\" width=\"1265\" height=\"673\"> Figure 10.49: Main scenario[\/caption]\n\n<div class=\"textbox shaded\"><strong>Scenario<\/strong>: In this lab, we are going to create a site-to-site VPN from FortiGate on premise to FortiGate in the Azure. Knowing the configuration from <a class=\"internal\" href=\"\/fortigatefirewall\/chapter\/deploy-fortigate-in-azure\/\">section 10.2<\/a> is necessary for this lab. Port1 is set as a DHCP, so they will receive an IP address from Cloud.<\/div>\n<table class=\"aligncenter\" style=\"border-collapse: collapse; width: 100%; height: 63px;\" border=\"0\"><caption>Table 10.3: Devices configuration<\/caption>\n<tbody>\n<tr style=\"height: 18px;\">\n<th style=\"width: 25%; height: 18px;\" scope=\"col\">Device<\/th>\n<th style=\"width: 25%; height: 18px;\" scope=\"col\">Interface<\/th>\n<th style=\"width: 25%; height: 18px;\" scope=\"col\">IP address<\/th>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 25%; height: 27px;\" rowspan=\"2\">FortiGate<\/td>\n<td style=\"width: 25%; height: 17px;\">Port 1<\/td>\n<td style=\"width: 25%; height: 17px;\">DHCP Client<\/td>\n<\/tr>\n<tr style=\"height: 10px;\">\n<td style=\"width: 25%; height: 10px;\">Port 2<\/td>\n<td style=\"width: 25%; height: 10px;\">192.168.10.1\/24<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 25%; height: 18px;\">WebTerm<\/td>\n<td style=\"width: 25%; height: 18px;\">Eth0<\/td>\n<td style=\"width: 25%; height: 18px;\">192.168.10.2\/24<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<ol>\n \t<li>On Premise FortiGate Configuration. Follow these steps:\n<ol>\n \t<li>Configure the interfaces of the firewall. Port2 by default is an internal interface and name as a \"LAN\" and Port1 is an external interface and name as a \"WAN\".\n\n[caption id=\"attachment_366\" align=\"aligncenter\" width=\"1126\"]<img class=\"wp-image-366 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00071.png\" alt=\"On Premise firewall Interfaces \" width=\"1126\" height=\"232\"> Figure 10.50: Firewall interfaces[\/caption]<\/li>\n \t<li>Create a site-to-site VPN from IPsec Wizard as Figures 10.51 to 10.53.\n\n[caption id=\"attachment_369\" align=\"aligncenter\" width=\"1103\"]<img class=\"wp-image-367 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00075.png\" alt=\"Step1- Select VPN Name\" width=\"1103\" height=\"344\"> Figure 10.51: Select VPN name[\/caption]\n\n[caption id=\"attachment_369\" align=\"aligncenter\" width=\"1085\"]<img class=\"wp-image-368 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00076.png\" alt=\"Step2- Set remote IP Address\" width=\"1085\" height=\"294\"> Figure 10.52: Set remote IP address[\/caption]\n\n[caption id=\"attachment_369\" align=\"aligncenter\" width=\"1126\"]<img class=\"wp-image-369 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00077.png\" alt=\"tep3- Set Policy &amp; Routing\" width=\"1126\" height=\"312\"> Figure 10.53: Set Policy &amp; Routing[\/caption]<\/li>\n \t<li>Create a static route to the default gateway.\n\n[caption id=\"attachment_370\" align=\"aligncenter\" width=\"500\"]<img class=\"wp-image-370\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00078.png\" alt=\"Set a default gateway\" width=\"500\" height=\"287\"> Figure 10.54: Set a default gateway[\/caption]<\/li>\n<\/ol>\n<\/li>\n \t<li>Azure Configuration. Follow these steps:\n<ol>\n \t<li>Create a FortiGate firewall in Azure and configure the interfaces. You need to do all steps found in <a class=\"internal\" href=\"\/fortigatefirewall\/chapter\/ipsec-vpn-fortigate-azure\/\">section 10.1<\/a>.<\/li>\n \t<li>Create a VPN from IPsec Wizard as Figures 10.55 to 10.57.\n\n[caption id=\"attachment_373\" align=\"aligncenter\" width=\"1060\"]<img class=\"wp-image-371 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00072.png\" alt=\"Step1- Select VPN Name in Azure \" width=\"1060\" height=\"448\"> Figure 10.55: Select VPN name[\/caption]\n\n[caption id=\"attachment_373\" align=\"aligncenter\" width=\"1063\"]<img class=\"wp-image-372 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00073.png\" alt=\"Step2-Set a remote IP address\" width=\"1063\" height=\"376\"> Figure 10.56: Set a remote IP address[\/caption]\n\n[caption id=\"attachment_373\" align=\"aligncenter\" width=\"1094\"]<img class=\"wp-image-373 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00074.png\" alt=\"Step3-Set Policy &amp; Routing\" width=\"1094\" height=\"382\"> Figure 10.57: Set Policy &amp; Routing[\/caption]<\/li>\n \t<li>Add a Linux or Windows Virtual Machine to <strong>Protected subnet<\/strong>. You don't need to enable public IP address. Your private IP address should be in the range of 10.0.2.0\/24.<\/li>\n \t<li>Go to <strong>VPN<\/strong> &gt; <strong>IPsec Tunnels<\/strong> and check status of the tunnel.\n\n[caption id=\"attachment_374\" align=\"aligncenter\" width=\"1402\"]<img class=\"wp-image-374 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00079.png\" alt=\"Check status of tunnel\" width=\"1402\" height=\"238\"> Figure 10.58: Check status of tunnel[\/caption]<\/li>\n \t<li>You should be able to ping from WebTerm to the Virtual Machine.\n\n[caption id=\"attachment_375\" align=\"aligncenter\" width=\"531\"]<img class=\"wp-image-375 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/Untitled11.png\" alt=\"Ping from webterm to Windows VM\" width=\"531\" height=\"166\"> Figure 10.59: Ping from WebTerm to Windows VM[\/caption]<\/li>\n<\/ol>\n<\/li>\n<\/ol>","rendered":"<div class=\"textbox textbox--learning-objectives\">\n<header class=\"textbox__header\">\n<p class=\"textbox__title\">Learning Objectives<\/p>\n<\/header>\n<div class=\"textbox__content\">\n<ul>\n<li>Configure a VPN Wizard in Azure<\/li>\n<li>Configure site-to-site VPN between FortiGate on premise and Azure<\/li>\n<li>Identify FortiGate subnets in Azure<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<figure id=\"attachment_365\" aria-describedby=\"caption-attachment-365\" style=\"width: 1265px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-365 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2022\/05\/pastedImage.png\" alt=\"Site to Site VPN between FortiGate on premise and FortiGate in the Azure\" width=\"1265\" height=\"673\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2022\/05\/pastedImage.png 1265w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2022\/05\/pastedImage-300x160.png 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2022\/05\/pastedImage-1024x545.png 1024w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2022\/05\/pastedImage-768x409.png 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2022\/05\/pastedImage-65x35.png 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2022\/05\/pastedImage-225x120.png 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2022\/05\/pastedImage-350x186.png 350w\" sizes=\"auto, (max-width: 1265px) 100vw, 1265px\" \/><figcaption id=\"caption-attachment-365\" class=\"wp-caption-text\">Figure 10.49: Main scenario<\/figcaption><\/figure>\n<div class=\"textbox shaded\"><strong>Scenario<\/strong>: In this lab, we are going to create a site-to-site VPN from FortiGate on premise to FortiGate in the Azure. Knowing the configuration from <a class=\"internal\" href=\"\/fortigatefirewall\/chapter\/deploy-fortigate-in-azure\/\">section 10.2<\/a> is necessary for this lab. Port1 is set as a DHCP, so they will receive an IP address from Cloud.<\/div>\n<table class=\"aligncenter\" style=\"border-collapse: collapse; width: 100%; height: 63px;\">\n<caption>Table 10.3: Devices configuration<\/caption>\n<tbody>\n<tr style=\"height: 18px;\">\n<th style=\"width: 25%; height: 18px;\" scope=\"col\">Device<\/th>\n<th style=\"width: 25%; height: 18px;\" scope=\"col\">Interface<\/th>\n<th style=\"width: 25%; height: 18px;\" scope=\"col\">IP address<\/th>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 25%; height: 27px;\" rowspan=\"2\">FortiGate<\/td>\n<td style=\"width: 25%; height: 17px;\">Port 1<\/td>\n<td style=\"width: 25%; height: 17px;\">DHCP Client<\/td>\n<\/tr>\n<tr style=\"height: 10px;\">\n<td style=\"width: 25%; height: 10px;\">Port 2<\/td>\n<td style=\"width: 25%; height: 10px;\">192.168.10.1\/24<\/td>\n<\/tr>\n<tr style=\"height: 18px;\">\n<td style=\"width: 25%; height: 18px;\">WebTerm<\/td>\n<td style=\"width: 25%; height: 18px;\">Eth0<\/td>\n<td style=\"width: 25%; height: 18px;\">192.168.10.2\/24<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<ol>\n<li>On Premise FortiGate Configuration. Follow these steps:\n<ol>\n<li>Configure the interfaces of the firewall. Port2 by default is an internal interface and name as a &#8220;LAN&#8221; and Port1 is an external interface and name as a &#8220;WAN&#8221;.<br \/>\n<figure id=\"attachment_366\" aria-describedby=\"caption-attachment-366\" style=\"width: 1126px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-366 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00071.png\" alt=\"On Premise firewall Interfaces\" width=\"1126\" height=\"232\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00071.png 1126w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00071-300x62.png 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00071-1024x211.png 1024w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00071-768x158.png 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00071-65x13.png 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00071-225x46.png 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00071-350x72.png 350w\" sizes=\"auto, (max-width: 1126px) 100vw, 1126px\" \/><figcaption id=\"caption-attachment-366\" class=\"wp-caption-text\">Figure 10.50: Firewall interfaces<\/figcaption><\/figure>\n<\/li>\n<li>Create a site-to-site VPN from IPsec Wizard as Figures 10.51 to 10.53.<br \/>\n<figure id=\"attachment_369\" aria-describedby=\"caption-attachment-369\" style=\"width: 1103px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-367 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00075.png\" alt=\"Step1- Select VPN Name\" width=\"1103\" height=\"344\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00075.png 1103w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00075-300x94.png 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00075-1024x319.png 1024w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00075-768x240.png 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00075-65x20.png 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00075-225x70.png 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00075-350x109.png 350w\" sizes=\"auto, (max-width: 1103px) 100vw, 1103px\" \/><figcaption id=\"caption-attachment-369\" class=\"wp-caption-text\">Figure 10.51: Select VPN name<\/figcaption><\/figure>\n<figure id=\"attachment_369\" aria-describedby=\"caption-attachment-369\" style=\"width: 1085px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-368 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00076.png\" alt=\"Step2- Set remote IP Address\" width=\"1085\" height=\"294\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00076.png 1085w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00076-300x81.png 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00076-1024x277.png 1024w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00076-768x208.png 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00076-65x18.png 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00076-225x61.png 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00076-350x95.png 350w\" sizes=\"auto, (max-width: 1085px) 100vw, 1085px\" \/><figcaption id=\"caption-attachment-369\" class=\"wp-caption-text\">Figure 10.52: Set remote IP address<\/figcaption><\/figure>\n<figure id=\"attachment_369\" aria-describedby=\"caption-attachment-369\" style=\"width: 1126px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-369 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00077.png\" alt=\"tep3- Set Policy &amp; Routing\" width=\"1126\" height=\"312\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00077.png 1126w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00077-300x83.png 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00077-1024x284.png 1024w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00077-768x213.png 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00077-65x18.png 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00077-225x62.png 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00077-350x97.png 350w\" sizes=\"auto, (max-width: 1126px) 100vw, 1126px\" \/><figcaption id=\"caption-attachment-369\" class=\"wp-caption-text\">Figure 10.53: Set Policy &amp; Routing<\/figcaption><\/figure>\n<\/li>\n<li>Create a static route to the default gateway.<br \/>\n<figure id=\"attachment_370\" aria-describedby=\"caption-attachment-370\" style=\"width: 500px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-370\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00078.png\" alt=\"Set a default gateway\" width=\"500\" height=\"287\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00078.png 851w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00078-300x172.png 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00078-768x441.png 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00078-65x37.png 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00078-225x129.png 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00078-350x201.png 350w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><figcaption id=\"caption-attachment-370\" class=\"wp-caption-text\">Figure 10.54: Set a default gateway<\/figcaption><\/figure>\n<\/li>\n<\/ol>\n<\/li>\n<li>Azure Configuration. Follow these steps:\n<ol>\n<li>Create a FortiGate firewall in Azure and configure the interfaces. You need to do all steps found in <a class=\"internal\" href=\"\/fortigatefirewall\/chapter\/ipsec-vpn-fortigate-azure\/\">section 10.1<\/a>.<\/li>\n<li>Create a VPN from IPsec Wizard as Figures 10.55 to 10.57.<br \/>\n<figure id=\"attachment_373\" aria-describedby=\"caption-attachment-373\" style=\"width: 1060px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-371 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00072.png\" alt=\"Step1- Select VPN Name in Azure\" width=\"1060\" height=\"448\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00072.png 1060w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00072-300x127.png 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00072-1024x433.png 1024w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00072-768x325.png 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00072-65x27.png 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00072-225x95.png 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00072-350x148.png 350w\" sizes=\"auto, (max-width: 1060px) 100vw, 1060px\" \/><figcaption id=\"caption-attachment-373\" class=\"wp-caption-text\">Figure 10.55: Select VPN name<\/figcaption><\/figure>\n<figure id=\"attachment_373\" aria-describedby=\"caption-attachment-373\" style=\"width: 1063px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-372 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00073.png\" alt=\"Step2-Set a remote IP address\" width=\"1063\" height=\"376\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00073.png 1063w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00073-300x106.png 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00073-1024x362.png 1024w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00073-768x272.png 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00073-65x23.png 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00073-225x80.png 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00073-350x124.png 350w\" sizes=\"auto, (max-width: 1063px) 100vw, 1063px\" \/><figcaption id=\"caption-attachment-373\" class=\"wp-caption-text\">Figure 10.56: Set a remote IP address<\/figcaption><\/figure>\n<figure id=\"attachment_373\" aria-describedby=\"caption-attachment-373\" style=\"width: 1094px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-373 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00074.png\" alt=\"Step3-Set Policy &amp; Routing\" width=\"1094\" height=\"382\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00074.png 1094w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00074-300x105.png 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00074-1024x358.png 1024w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00074-768x268.png 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00074-65x23.png 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00074-225x79.png 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00074-350x122.png 350w\" sizes=\"auto, (max-width: 1094px) 100vw, 1094px\" \/><figcaption id=\"caption-attachment-373\" class=\"wp-caption-text\">Figure 10.57: Set Policy &amp; Routing<\/figcaption><\/figure>\n<\/li>\n<li>Add a Linux or Windows Virtual Machine to <strong>Protected subnet<\/strong>. You don&#8217;t need to enable public IP address. Your private IP address should be in the range of 10.0.2.0\/24.<\/li>\n<li>Go to <strong>VPN<\/strong> &gt; <strong>IPsec Tunnels<\/strong> and check status of the tunnel.<br \/>\n<figure id=\"attachment_374\" aria-describedby=\"caption-attachment-374\" style=\"width: 1402px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-374 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00079.png\" alt=\"Check status of tunnel\" width=\"1402\" height=\"238\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00079.png 1402w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00079-300x51.png 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00079-1024x174.png 1024w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00079-768x130.png 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00079-65x11.png 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00079-225x38.png 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/ScreenShot00079-350x59.png 350w\" sizes=\"auto, (max-width: 1402px) 100vw, 1402px\" \/><figcaption id=\"caption-attachment-374\" class=\"wp-caption-text\">Figure 10.58: Check status of tunnel<\/figcaption><\/figure>\n<\/li>\n<li>You should be able to ping from WebTerm to the Virtual Machine.<br \/>\n<figure id=\"attachment_375\" aria-describedby=\"caption-attachment-375\" style=\"width: 531px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-375 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/Untitled11.png\" alt=\"Ping from webterm to Windows VM\" width=\"531\" height=\"166\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/Untitled11.png 531w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/Untitled11-300x94.png 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/Untitled11-65x20.png 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/Untitled11-225x70.png 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/Untitled11-350x109.png 350w\" sizes=\"auto, (max-width: 531px) 100vw, 531px\" \/><figcaption id=\"caption-attachment-375\" class=\"wp-caption-text\">Figure 10.59: Ping from WebTerm to Windows VM<\/figcaption><\/figure>\n<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n","protected":false},"author":124,"menu_order":3,"template":"","meta":{"pb_show_title":"on","pb_short_title":"","pb_subtitle":"","pb_authors":[],"pb_section_license":""},"chapter-type":[],"contributor":[],"license":[],"class_list":["post-376","chapter","type-chapter","status-publish","hentry"],"part":313,"_links":{"self":[{"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/376","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters"}],"about":[{"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/wp\/v2\/types\/chapter"}],"author":[{"embeddable":true,"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/wp\/v2\/users\/124"}],"version-history":[{"count":1,"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/376\/revisions"}],"predecessor-version":[{"id":377,"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/376\/revisions\/377"}],"part":[{"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/parts\/313"}],"metadata":[{"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/376\/metadata\/"}],"wp:attachment":[{"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/wp\/v2\/media?parent=376"}],"wp:term":[{"taxonomy":"chapter-type","embeddable":true,"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapter-type?post=376"},{"taxonomy":"contributor","embeddable":true,"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/wp\/v2\/contributor?post=376"},{"taxonomy":"license","embeddable":true,"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/wp\/v2\/license?post=376"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}