{"id":425,"date":"2022-05-26T22:00:21","date_gmt":"2022-05-27T02:00:21","guid":{"rendered":"https:\/\/opentextbc.ca\/fortigatefirewall\/chapter\/ipsec-vpn-fortigate-aws\/"},"modified":"2023-08-29T16:28:24","modified_gmt":"2023-08-29T20:28:24","slug":"ipsec-vpn-fortigate-aws","status":"publish","type":"chapter","link":"https:\/\/opentextbc.ca\/fortigatefirewall\/chapter\/ipsec-vpn-fortigate-aws\/","title":{"raw":"10.4 IPsec VPN from FortiGate (on Premise) to AWS","rendered":"10.4 IPsec VPN from FortiGate (on Premise) to AWS"},"content":{"raw":"<div class=\"textbox textbox--learning-objectives\"><header class=\"textbox__header\">\n<p class=\"textbox__title\">Learning Objectives<\/p>\n\n<\/header>\n<ul>\n \t<li>Configure a Customer Gateway in AWS<\/li>\n \t<li>Configure a Virtual Private Gateway<\/li>\n \t<li>Create an IPsec VPN between FortiGate on-Premise and AWS<\/li>\n<\/ul>\n<\/div>\n<div class=\"textbox shaded\"><strong>Scenario<\/strong>: We are going to connect an on-premise FortiGate to an AWS Virtual Gateway. This is going to be an IPsec VPN between FortiGate and AWS. 
First, we will configure AWS and then connect FortiGate through Port1 to the AWS Virtual Gateway.<\/div>\n&nbsp;\n\n[caption id=\"attachment_424\" align=\"aligncenter\" width=\"969\"]<img class=\"wp-image-378 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2022\/05\/10-60.jpg\" alt=\"Main scenario IPSEC VPN from FortiGate (on premise) to AWS\" width=\"969\" height=\"302\"> Figure 10.60: Main scenario[\/caption]\n<table class=\"aligncenter\" style=\"width: 100%;\"><caption><strong>Table 10.4: On-premise devices configuration<\/strong><\/caption>\n<tbody>\n<tr>\n<th style=\"width: 20.5382%;\" scope=\"col\">Device<\/th>\n<th style=\"width: 36.2606%;\" scope=\"col\">Configuration<\/th>\n<th style=\"width: 43.2011%;\" scope=\"col\">Access<\/th>\n<\/tr>\n<tr>\n<td style=\"width: 20.5382%;\">FortiGate<\/td>\n<td style=\"width: 36.2606%;\">Port 1: DHCP Client\n\nPort 2: 192.168.10.1\/24<\/td>\n<td style=\"width: 43.2011%;\">Port1: HTTP, HTTPS, PING\n\n&nbsp;<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 20.5382%;\">\u00a0WebTerm1<\/td>\n<td style=\"width: 36.2606%;\">192.168.10.2\/24<\/td>\n<td style=\"width: 43.2011%;\">-<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>AWS Configuration<\/h2>\n<ol>\n \t<li>Create a VPC for AWS as follows:\n<ul>\n \t<li><strong>Name tag:<\/strong> AWS Subnet<\/li>\n \t<li><strong>IPv4 CIDR:<\/strong> 10.0.0.0\/16<\/li>\n<\/ul>\n[caption id=\"attachment_380\" align=\"aligncenter\" width=\"1411\"]<img class=\"wp-image-379 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-61.jpg\" alt=\"Step1-Create a VPC\" width=\"1411\" height=\"339\"> Figure 10.61: Create a VPC[\/caption]\n\n[caption id=\"attachment_380\" align=\"aligncenter\" width=\"450\"]<img class=\"wp-image-380\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-62.jpg\" alt=\"Step2-Select VPC only\" width=\"450\" height=\"486\"> Figure 10.62: Create a VPC named \"AWS Subnet\"[\/caption]<\/li>\n \t<li>Create a 
private subnet under AWS VPC as follows:\n<ul>\n \t<li>VPC: <strong>AWS Subnet<\/strong><\/li>\n \t<li>Subnet Name: <strong>Private<\/strong><\/li>\n \t<li>IPv4 CIDR block<strong>: 10.0.1.0\/24<\/strong><\/li>\n<\/ul>\n[caption id=\"attachment_381\" align=\"aligncenter\" width=\"400\"]<img class=\"wp-image-381\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-64-1.jpg\" alt=\"Create a subnet under AWS VPC\" width=\"400\" height=\"482\"> Figure 10.63: Create a subnet under AWS VPC[\/caption]<\/li>\n \t<li>Create an internet gateway as follows:\n\n[caption id=\"attachment_385\" align=\"aligncenter\" width=\"1380\"]<img class=\"wp-image-382 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-65-1.jpg\" alt=\"Create an Internet Gateway\" width=\"1380\" height=\"361\"> Figure 10.64: Create an internet gateway[\/caption]\n\n[caption id=\"attachment_385\" align=\"aligncenter\" width=\"500\"]<img class=\"wp-image-383\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-66.jpg\" alt=\"\" width=\"500\" height=\"395\"> Figure 10.65: Select Name as AWS-IGW[\/caption]\n\n[caption id=\"attachment_385\" align=\"aligncenter\" width=\"1380\"]<img class=\"wp-image-384 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-67.jpg\" alt=\"\" width=\"1380\" height=\"363\"> Figure 10.66: Attach the internet gateway to VPC[\/caption]\n\n[caption id=\"attachment_385\" align=\"aligncenter\" width=\"500\"]<img class=\"wp-image-385\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-68.jpg\" alt=\"Step4-Attach the Internet Gateway to VPC\" width=\"500\" height=\"234\"> Figure 10.67: Attach the internet gateway to VPC[\/caption]<\/li>\n \t<li>Create a static route to the internet gateway (AWS-IGW). 
Edit Routes as follows:\n\n[caption id=\"attachment_389\" align=\"aligncenter\" width=\"1376\"]<img class=\"wp-image-386 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-69-2.jpg\" alt=\"\" width=\"1376\" height=\"600\"> Figure 10.68: Edit routes[\/caption]\n\n[caption id=\"attachment_389\" align=\"aligncenter\" width=\"1367\"]<img class=\"wp-image-387 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-70.jpg\" alt=\" Step2- Add new route 0.0.0.0\/0 to your Internet Gateway\" width=\"1367\" height=\"655\"> Figure 10.69: Add a new route 0.0.0.0\/0 to your internet gateway[\/caption]\n\n[caption id=\"attachment_389\" align=\"aligncenter\" width=\"1361\"]<img class=\"wp-image-388 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-71.jpg\" alt=\"Add new route 0.0.0.0\/0 to your Internet Gateway\" width=\"1361\" height=\"410\"> Figure 10.70: Add a new route 0.0.0.0\/0 to your internet gateway[\/caption]\n\n[caption id=\"attachment_389\" align=\"aligncenter\" width=\"1330\"]<img class=\"wp-image-389 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-72.jpg\" alt=\"Step4-Route Tables\" width=\"1330\" height=\"506\"> Figure 10.71: Route tables overview[\/caption]<\/li>\n \t<li>Create a customer gateway as follows:\n\n[caption id=\"attachment_391\" align=\"aligncenter\" width=\"1380\"]<img class=\"wp-image-390 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-73-1.jpg\" alt=\"Step1-Create a customer gateway\" width=\"1380\" height=\"559\"> Figure 10.72: Create a customer gateway[\/caption]\n\n[caption id=\"attachment_391\" align=\"aligncenter\" width=\"500\"]<img class=\"wp-image-391\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-74.jpg\" alt=\"Step2-Create a Customer Gateway\" width=\"500\" height=\"418\"> Figure 10.73: Create a customer 
gateway[\/caption]<\/li>\n \t<li>Create a virtual private gateway as follows:\n\n[caption id=\"attachment_395\" align=\"aligncenter\" width=\"1376\"]<img class=\"wp-image-392 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-75-1.jpg\" alt=\"Step1-Create a Virtual Private Gateway\" width=\"1376\" height=\"542\"> Figure 10.74: Create a virtual private gateway[\/caption]\n\n[caption id=\"attachment_395\" align=\"aligncenter\" width=\"500\"]<img class=\"wp-image-393\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-76.jpg\" alt=\"Step2-Create a Virtual Private Gateway on FortiGate\" width=\"500\" height=\"450\"> Figure 10.75: Create a virtual private gateway on FortiGate[\/caption]\n\n[caption id=\"attachment_395\" align=\"aligncenter\" width=\"1379\"]<img class=\"wp-image-394 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-77.jpg\" alt=\"Step3-Attach Virtual Private Gateway to VPC\" width=\"1379\" height=\"591\"> Figure 10.76: Attach virtual private gateway to VPC[\/caption]\n\n[caption id=\"attachment_395\" align=\"aligncenter\" width=\"500\"]<img class=\"wp-image-395\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-78.jpg\" alt=\"Step4-Attach Virtual Private Gateway to VPC\" width=\"500\" height=\"240\"> Figure 10.77: Attach virtual private gateway to VPC[\/caption]<\/li>\n \t<li>Create a Site-to-Site VPN connection as follows:\n<ul>\n \t<li><strong>Name Tag:<\/strong> VPNAWS<\/li>\n \t<li><strong>Target gateway type:<\/strong> Virtual private gateway<\/li>\n \t<li><strong>Virtual Private Gateway:<\/strong> FortiGate<\/li>\n \t<li><strong>Customer Gateway ID:<\/strong> AWS-VPN-FG<\/li>\n \t<li><strong>Routing options:<\/strong> Static<\/li>\n \t<li><strong>Static IP prefixes:<\/strong> 192.168.10.0\/24<\/li>\n \t<li><strong>Local IPv4 network CIDR:<\/strong> 192.168.10.0\/24<\/li>\n \t<li><strong>Remote IPV4 network 
CIDR:<\/strong> 10.0.1.0\/24<\/li>\n \t<li><strong>Tunnel 1 and Tunnel 2 options:<\/strong> leave it as default<\/li>\n<\/ul>\n[caption id=\"attachment_401\" align=\"aligncenter\" width=\"1377\"]<img class=\"wp-image-396 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-79.jpg\" alt=\"Step1-Create a Site-To-Site VPN connection\" width=\"1377\" height=\"554\"> Figure 10.78: Create a site-to-site VPN connection[\/caption]\n\n[caption id=\"attachment_401\" align=\"aligncenter\" width=\"500\"]<img class=\"wp-image-397\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-80.jpg\" alt=\"Step2-Create a Site-To-Site VPN connection with FortiGate\" width=\"500\" height=\"454\"> Figure 10.79: Create a site-to-site VPN connection with FortiGate[\/caption]\n\n[caption id=\"attachment_401\" align=\"aligncenter\" width=\"500\"]<img class=\"wp-image-398\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-81.jpg\" alt=\"\" width=\"500\" height=\"486\"> Figure 10.80: Create a site-to-site VPN connection with FortiGate[\/caption]\n\n[caption id=\"attachment_401\" align=\"aligncenter\" width=\"1145\"]<img class=\"wp-image-399 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-82.jpg\" alt=\"Step4-Create a Site-To-Site VPN connection with FortiGate\" width=\"1145\" height=\"731\"> Figure 10.81: Create a site-to-site VPN connection with FortiGate[\/caption]\n\n[caption id=\"attachment_401\" align=\"aligncenter\" width=\"400\"]<img class=\"wp-image-400\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-83.jpg\" alt=\" Step5-Download configuration\" width=\"400\" height=\"371\"> Figure 10.82: Download configuration[\/caption]\n\n[caption id=\"attachment_401\" align=\"aligncenter\" width=\"1145\"]<img class=\"wp-image-401 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-84.jpg\" alt=\"Step6- 
Verify public IP address\" width=\"1145\" height=\"613\"> Figure 10.83: Verify public IP address[\/caption]<\/li>\n \t<li>Open the file that you downloaded from AWS. It shows the phase 1 and phase 2 configuration.\n\n[caption id=\"attachment_403\" align=\"aligncenter\" width=\"959\"]<img class=\"wp-image-402 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-85.jpg\" alt=\"Step7- IPSEC Phase 1\" width=\"959\" height=\"573\"> Figure 10.84: IPsec Phase 1[\/caption]\n\n[caption id=\"attachment_403\" align=\"aligncenter\" width=\"878\"]<img class=\"wp-image-403 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-86.jpg\" alt=\"Step8-IPSEC Phase 2\" width=\"878\" height=\"346\"> Figure 10.85: IPsec Phase 2[\/caption]<\/li>\n<\/ol>\n<h2>FortiGate Configuration<\/h2>\n<ol>\n \t<li>First, we will configure the port1 and port2 IP addresses. Set port1 as a DHCP client and set port2 to 192.168.10.1\/24.\n\n[caption id=\"attachment_405\" align=\"aligncenter\" width=\"500\"]<img class=\"wp-image-404\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-87.jpg\" alt=\"Set an IP address for port2\" width=\"500\" height=\"306\"> Figure 10.86: Set an IP address for port2[\/caption]\n\n[caption id=\"attachment_405\" align=\"aligncenter\" width=\"935\"]<img class=\"wp-image-405 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-88.jpg\" alt=\"Port1 and Port2 IP addresses\" width=\"935\" height=\"451\"> Figure 10.87: Port1 and Port2 IP addresses[\/caption]<\/li>\n \t<li>Create a static route to port1 (WAN port) as shown in Figure 10.88.\n\n[caption id=\"attachment_406\" align=\"aligncenter\" width=\"1060\"]<img class=\"wp-image-406 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-89.jpg\" alt=\"Create a static route\" width=\"1060\" height=\"569\"> Figure 10.88: Create a static route[\/caption]<\/li>\n 
\t<li>Create a custom tunnel in the IPsec Wizard as follows:\n<ul>\n \t<li><strong>Remote Gateway IP Address:<\/strong>\u00a0<em>Public_IP_Address_AWS_Virtual_Gateway<\/em><\/li>\n \t<li><strong>NAT Traversal:<\/strong>\u00a0Disable<\/li>\n \t<li><strong>Pre-shared Key:<\/strong>\u00a0<em>The same as AWS key (psWvIznNXaD3e1bWB9mVrODkrYALmrBO)<\/em><\/li>\n \t<li><strong>Local Address:<\/strong>\u00a0192.168.10.0\/24<\/li>\n \t<li><strong>Remote Address:<\/strong>\u00a010.0.0.0\/16<\/li>\n \t<li><strong>Phase 1:<\/strong> Encryption: AES128, Authentication: SHA-1, DH: 2, lifetime: 28800<\/li>\n \t<li><strong>Phase 2:<\/strong> Encryption: AES128, Authentication: SHA-1, DH: 2, lifetime: 3600<\/li>\n \t<li><strong>IKE:<\/strong> version 2<\/li>\n<\/ul>\n[caption id=\"attachment_410\" align=\"aligncenter\" width=\"1143\"]<img class=\"wp-image-407 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-90.jpg\" alt=\" Step1- Create a custom VPN\" width=\"1143\" height=\"479\"> Figure 10.89: Create a custom VPN[\/caption]\n\n[caption id=\"attachment_410\" align=\"aligncenter\" width=\"500\"]<img class=\"wp-image-408\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-91.jpg\" alt=\" Create a custom VPN\" width=\"500\" height=\"305\"> Figure 10.90: Create a custom VPN[\/caption]\n\n[caption id=\"attachment_410\" align=\"aligncenter\" width=\"500\"]<img class=\"wp-image-409\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-92.jpg\" alt=\"Step 3- Create a custom VPN\" width=\"500\" height=\"371\"> Figure 10.91: Create a custom VPN[\/caption]\n\n[caption id=\"attachment_410\" align=\"aligncenter\" width=\"500\"]<img class=\"wp-image-410\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-93.jpg\" alt=\"Step 4- Create a custom VPN\" width=\"500\" height=\"356\"> Figure 10.92: Create a custom VPN[\/caption]<\/li>\n \t<li>Set an IP address for FG-AWS tunnel. 
We will set the IP address based on the configuration file.\n\n[caption id=\"attachment_413\" align=\"aligncenter\" width=\"500\"]<img class=\"wp-image-411\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-94.jpg\" alt=\"\" width=\"500\" height=\"332\"> Figure 10.93: Configuration file for setting an IP address for FG-AWS tunnel[\/caption]\n\n[caption id=\"attachment_413\" align=\"aligncenter\" width=\"964\"]<img class=\"wp-image-412 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-95.jpg\" alt=\"Step 2- Set an IP address for FG-AWS tunnel \" width=\"964\" height=\"499\"> Figure 10.94: Set an IP address for FG-AWS tunnel[\/caption]\n\n[caption id=\"attachment_413\" align=\"aligncenter\" width=\"500\"]<img class=\"wp-image-413\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-96.jpg\" alt=\"Step 3- Set an IP address for FG-AWS tunnel\" width=\"500\" height=\"450\"> Figure 10.95: Set an IP address for FG-AWS tunnel[\/caption]<\/li>\n \t<li>Create a static route from FG-LAN to AWS-LAN. 
We will set a static route based on the configuration file.\n\n[caption id=\"attachment_416\" align=\"aligncenter\" width=\"731\"]<img class=\"wp-image-414 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-97.jpg\" alt=\"Create a static route from FG-LAN to AWS-LAN\" width=\"731\" height=\"287\"> Figure 10.96: Configuration file for creating a static route from FG-LAN to AWS-LAN[\/caption]\n\n[caption id=\"attachment_416\" align=\"aligncenter\" width=\"1055\"]<img class=\"wp-image-415 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-98.jpg\" alt=\"Step 2- Create static route from FG-LAN to AWS-LAN\" width=\"1055\" height=\"573\"> Figure 10.97: Create a static route from FG-LAN to AWS-LAN[\/caption]\n\n[caption id=\"attachment_416\" align=\"aligncenter\" width=\"1076\"]<img class=\"wp-image-416 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-99.jpg\" alt=\"Step 3- Create a static route from FG-LAN to AWS-LAN\" width=\"1076\" height=\"219\"> Figure 10.98: Create a static route from FG-LAN to AWS-LAN[\/caption]<\/li>\n \t<li>Create a firewall policy from Port2 to Tunnel and from Tunnel to Port2. We will create a subnet for LAN on premise and a subnet for AWS. 
Also, in site-to-site VPN, NAT should be disabled here.\n\n[caption id=\"attachment_422\" align=\"aligncenter\" width=\"400\"]<img class=\"wp-image-417\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-100.jpg\" alt=\"Create a subnet for local network\" width=\"400\" height=\"196\"> Figure 10.99: Create a subnet for local network[\/caption]\n\n[caption id=\"attachment_422\" align=\"aligncenter\" width=\"400\"]<img class=\"wp-image-418\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-101.jpg\" alt=\"Create a subnet for AWS local network\" width=\"400\" height=\"199\"> Figure 10.100: Create a subnet for AWS local network[\/caption]\n\n[caption id=\"attachment_422\" align=\"aligncenter\" width=\"1044\"]<img class=\"wp-image-419 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-102.jpg\" alt=\"Create a policy from port2 to FG-AWS Tunnel\" width=\"1044\" height=\"743\"> Figure 10.101: Create a policy from port2 to FG-AWS Tunnel[\/caption]\n\n[caption id=\"attachment_422\" align=\"aligncenter\" width=\"1007\"]<img class=\"wp-image-420 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-103.jpg\" alt=\"Create a policy from FG-AWS Tunnel to port2\" width=\"1007\" height=\"477\"> Figure 10.102: Create a policy from FG-AWS Tunnel to port2[\/caption]\n\n[caption id=\"attachment_422\" align=\"aligncenter\" width=\"1047\"]<img class=\"wp-image-421 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-104.jpg\" alt=\"Create a policy from AWS-FG Tunnel to port2\" width=\"1047\" height=\"744\"> Figure 10.103: Create a policy from AWS-FG Tunnel to port2[\/caption]\n\n[caption id=\"attachment_422\" align=\"aligncenter\" width=\"1253\"]<img class=\"wp-image-422 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-105.jpg\" alt=\"Firewall Policies\" width=\"1253\" height=\"308\"> 
Figure 10.104: Firewall Policies Overview[\/caption]<\/li>\n<\/ol>\n<h2>Verify Connections<\/h2>\nIf you navigate to IPsec Tunnel, the status should be up.\n\n[caption id=\"attachment_424\" align=\"aligncenter\" width=\"1340\"]<img class=\"wp-image-423 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-106.jpg\" alt=\"Verify tunnel status in FortiGate (on premise)\" width=\"1340\" height=\"265\"> Figure 10.105: Verify tunnel status in FortiGate (on premise)[\/caption]\n\n[caption id=\"attachment_424\" align=\"aligncenter\" width=\"1167\"]<img class=\"wp-image-424 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-107.jpg\" alt=\"Verify tunnel status in AWS\" width=\"1167\" height=\"723\"> Figure 10.106: Verify tunnel status in AWS[\/caption]","rendered":"<div class=\"textbox textbox--learning-objectives\">\n<header class=\"textbox__header\">\n<p class=\"textbox__title\">Learning Objectives<\/p>\n<\/header>\n<ul>\n<li>Configure a Customer Gateway in AWS<\/li>\n<li>Configure a Virtual Private Gateway<\/li>\n<li>Create an IPsec VPN between FortiGate on-Premise and AWS<\/li>\n<\/ul>\n<\/div>\n<div class=\"textbox shaded\"><strong>Scenario<\/strong>: We are going to connect an on-premise FortiGate to an AWS Virtual Gateway. This is going to be an IPsec VPN between FortiGate and AWS. 
First, we will configure AWS and then connect FortiGate through Port1 to the AWS Virtual Gateway.<\/div>\n<p>&nbsp;<\/p>\n<figure id=\"attachment_424\" aria-describedby=\"caption-attachment-424\" style=\"width: 969px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-378 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2022\/05\/10-60.jpg\" alt=\"Main scenario IPSEC VPN from FortiGate (on premise) to AWS\" width=\"969\" height=\"302\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2022\/05\/10-60.jpg 969w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2022\/05\/10-60-300x93.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2022\/05\/10-60-768x239.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2022\/05\/10-60-65x20.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2022\/05\/10-60-225x70.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2022\/05\/10-60-350x109.jpg 350w\" sizes=\"auto, (max-width: 969px) 100vw, 969px\" \/><figcaption id=\"caption-attachment-424\" class=\"wp-caption-text\">Figure 10.60: Main scenario<\/figcaption><\/figure>\n<table class=\"aligncenter\" style=\"width: 100%;\">\n<caption><strong>Table 10.4: On-premise devices configuration<\/strong><\/caption>\n<tbody>\n<tr>\n<th style=\"width: 20.5382%;\" scope=\"col\">Device<\/th>\n<th style=\"width: 36.2606%;\" scope=\"col\">Configuration<\/th>\n<th style=\"width: 43.2011%;\" scope=\"col\">Access<\/th>\n<\/tr>\n<tr>\n<td style=\"width: 20.5382%;\">FortiGate<\/td>\n<td style=\"width: 36.2606%;\">Port 1: DHCP Client<\/p>\n<p>Port 2: 192.168.10.1\/24<\/td>\n<td style=\"width: 43.2011%;\">Port1: HTTP, HTTPS, PING<\/p>\n<p>&nbsp;<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 20.5382%;\">\u00a0WebTerm1<\/td>\n<td style=\"width: 
36.2606%;\">192.168.10.2\/24<\/td>\n<td style=\"width: 43.2011%;\">&#8211;<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>AWS Configuration<\/h2>\n<ol>\n<li>Create a VPC for AWS as follows:\n<ul>\n<li><strong>Name tag:<\/strong> AWS Subnet<\/li>\n<li><strong>IPv4 CIDR:<\/strong> 10.0.0.0\/16<\/li>\n<\/ul>\n<figure id=\"attachment_380\" aria-describedby=\"caption-attachment-380\" style=\"width: 1411px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-379 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-61.jpg\" alt=\"Step1-Create a VPC\" width=\"1411\" height=\"339\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-61.jpg 1411w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-61-300x72.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-61-1024x246.jpg 1024w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-61-768x185.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-61-65x16.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-61-225x54.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-61-350x84.jpg 350w\" sizes=\"auto, (max-width: 1411px) 100vw, 1411px\" \/><figcaption id=\"caption-attachment-380\" class=\"wp-caption-text\">Figure 10.61: Create a VPC<\/figcaption><\/figure>\n<figure id=\"attachment_380\" aria-describedby=\"caption-attachment-380\" style=\"width: 450px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-380\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-62.jpg\" alt=\"Step2-Select VPC only\" width=\"450\" height=\"486\" 
srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-62.jpg 679w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-62-278x300.jpg 278w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-62-65x70.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-62-225x243.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-62-350x378.jpg 350w\" sizes=\"auto, (max-width: 450px) 100vw, 450px\" \/><figcaption id=\"caption-attachment-380\" class=\"wp-caption-text\">Figure 10.62: Create a VPC named &#8220;AWS Subnet&#8221;<\/figcaption><\/figure>\n<\/li>\n<li>Create a private subnet under AWS VPC as follows:\n<ul>\n<li>VPC: <strong>AWS Subnet<\/strong><\/li>\n<li>Subnet Name: <strong>Private<\/strong><\/li>\n<li>IPv4 CIDR block<strong>: 10.0.1.0\/24<\/strong><\/li>\n<\/ul>\n<figure id=\"attachment_381\" aria-describedby=\"caption-attachment-381\" style=\"width: 400px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-381\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-64-1.jpg\" alt=\"Create a subnet under AWS VPC\" width=\"400\" height=\"482\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-64-1.jpg 638w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-64-1-249x300.jpg 249w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-64-1-65x78.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-64-1-225x271.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-64-1-350x422.jpg 350w\" sizes=\"auto, (max-width: 400px) 100vw, 400px\" \/><figcaption id=\"caption-attachment-381\" 
class=\"wp-caption-text\">Figure 10.63: Create a subnet under AWS VPC<\/figcaption><\/figure>\n<\/li>\n<li>Create an internet gateway as follows:<br \/>\n<figure id=\"attachment_385\" aria-describedby=\"caption-attachment-385\" style=\"width: 1380px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-382 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-65-1.jpg\" alt=\"Create an Internet Gateway\" width=\"1380\" height=\"361\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-65-1.jpg 1380w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-65-1-300x78.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-65-1-1024x268.jpg 1024w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-65-1-768x201.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-65-1-65x17.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-65-1-225x59.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-65-1-350x92.jpg 350w\" sizes=\"auto, (max-width: 1380px) 100vw, 1380px\" \/><figcaption id=\"caption-attachment-385\" class=\"wp-caption-text\">Figure 10.64: Create an internet gateway<\/figcaption><\/figure>\n<figure id=\"attachment_385\" aria-describedby=\"caption-attachment-385\" style=\"width: 500px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-383\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-66.jpg\" alt=\"\" width=\"500\" height=\"395\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-66.jpg 822w, 
https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-66-300x237.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-66-768x607.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-66-65x51.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-66-225x178.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-66-350x277.jpg 350w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><figcaption id=\"caption-attachment-385\" class=\"wp-caption-text\">Figure 10.65: Select Name as AWS-IGW<\/figcaption><\/figure>\n<figure id=\"attachment_385\" aria-describedby=\"caption-attachment-385\" style=\"width: 1380px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-384 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-67.jpg\" alt=\"\" width=\"1380\" height=\"363\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-67.jpg 1380w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-67-300x79.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-67-1024x269.jpg 1024w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-67-768x202.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-67-65x17.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-67-225x59.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-67-350x92.jpg 350w\" sizes=\"auto, (max-width: 1380px) 100vw, 1380px\" \/><figcaption id=\"caption-attachment-385\" class=\"wp-caption-text\">Figure 10.66: Attach the internet 
gateway to VPC<\/figcaption><\/figure>\n<figure id=\"attachment_385\" aria-describedby=\"caption-attachment-385\" style=\"width: 500px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-385\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-68.jpg\" alt=\"Step4-Attach the Internet Gateway to VPC\" width=\"500\" height=\"234\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-68.jpg 826w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-68-300x140.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-68-768x359.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-68-65x30.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-68-225x105.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-68-350x164.jpg 350w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><figcaption id=\"caption-attachment-385\" class=\"wp-caption-text\">Figure 10.67: Attach the internet gateway to VPC<\/figcaption><\/figure>\n<\/li>\n<li>Create a static route to the internet gateway (AWS-IGW). 
Edit Routes as follows:<br \/>\n<figure id=\"attachment_389\" aria-describedby=\"caption-attachment-389\" style=\"width: 1376px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-386 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-69-2.jpg\" alt=\"\" width=\"1376\" height=\"600\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-69-2.jpg 1376w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-69-2-300x131.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-69-2-1024x447.jpg 1024w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-69-2-768x335.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-69-2-65x28.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-69-2-225x98.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-69-2-350x153.jpg 350w\" sizes=\"auto, (max-width: 1376px) 100vw, 1376px\" \/><figcaption id=\"caption-attachment-389\" class=\"wp-caption-text\">Figure 10.68: Edit routes<\/figcaption><\/figure>\n<figure id=\"attachment_389\" aria-describedby=\"caption-attachment-389\" style=\"width: 1367px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-387 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-70.jpg\" alt=\"Step2- Add new route 0.0.0.0\/0 to your Internet Gateway\" width=\"1367\" height=\"655\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-70.jpg 1367w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-70-300x144.jpg 300w, 
https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-70-1024x491.jpg 1024w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-70-768x368.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-70-65x31.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-70-225x108.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-70-350x168.jpg 350w\" sizes=\"auto, (max-width: 1367px) 100vw, 1367px\" \/><figcaption id=\"caption-attachment-389\" class=\"wp-caption-text\">Figure 10.69: Add a new route 0.0.0.0\/0 to your internet gateway<\/figcaption><\/figure>\n<figure id=\"attachment_389\" aria-describedby=\"caption-attachment-389\" style=\"width: 1361px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-388 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-71.jpg\" alt=\"Add new route 0.0.0.0\/0 to your Internet Gateway\" width=\"1361\" height=\"410\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-71.jpg 1361w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-71-300x90.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-71-1024x308.jpg 1024w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-71-768x231.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-71-65x20.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-71-225x68.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-71-350x105.jpg 350w\" sizes=\"auto, (max-width: 1361px) 100vw, 1361px\" \/><figcaption 
id=\"caption-attachment-389\" class=\"wp-caption-text\">Figure 10.70: Add a new route 0.0.0.0\/0 to your internet gateway<\/figcaption><\/figure>\n<figure id=\"attachment_389\" aria-describedby=\"caption-attachment-389\" style=\"width: 1330px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-389 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-72.jpg\" alt=\"Step4-Route Tables\" width=\"1330\" height=\"506\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-72.jpg 1330w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-72-300x114.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-72-1024x390.jpg 1024w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-72-768x292.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-72-65x25.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-72-225x86.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-72-350x133.jpg 350w\" sizes=\"auto, (max-width: 1330px) 100vw, 1330px\" \/><figcaption id=\"caption-attachment-389\" class=\"wp-caption-text\">Figure 10.71: Route tables overview<\/figcaption><\/figure>\n<\/li>\n<li>Create a customer gateway as follows:<br \/>\n<figure id=\"attachment_391\" aria-describedby=\"caption-attachment-391\" style=\"width: 1380px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-390 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-73-1.jpg\" alt=\"Step1-Create a customer gateway\" width=\"1380\" height=\"559\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-73-1.jpg 1380w, 
https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-73-1-300x122.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-73-1-1024x415.jpg 1024w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-73-1-768x311.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-73-1-65x26.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-73-1-225x91.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-73-1-350x142.jpg 350w\" sizes=\"auto, (max-width: 1380px) 100vw, 1380px\" \/><figcaption id=\"caption-attachment-391\" class=\"wp-caption-text\">Figure 10.72: Create a customer gateway<\/figcaption><\/figure>\n<figure id=\"attachment_391\" aria-describedby=\"caption-attachment-391\" style=\"width: 500px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-391\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-74.jpg\" alt=\"Step2-Create a Customer Gateway\" width=\"500\" height=\"418\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-74.jpg 815w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-74-300x251.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-74-768x642.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-74-65x54.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-74-225x188.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-74-350x292.jpg 350w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><figcaption id=\"caption-attachment-391\" 
class=\"wp-caption-text\">Figure 10.73: Create a customer gateway<\/figcaption><\/figure>\n<\/li>\n<li>Create a virtual private gateway as follows:<br \/>\n<figure id=\"attachment_395\" aria-describedby=\"caption-attachment-395\" style=\"width: 1376px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-392 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-75-1.jpg\" alt=\"Step1-Create a Virtual Private Gateway\" width=\"1376\" height=\"542\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-75-1.jpg 1376w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-75-1-300x118.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-75-1-1024x403.jpg 1024w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-75-1-768x303.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-75-1-65x26.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-75-1-225x89.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-75-1-350x138.jpg 350w\" sizes=\"auto, (max-width: 1376px) 100vw, 1376px\" \/><figcaption id=\"caption-attachment-395\" class=\"wp-caption-text\">Figure 10.74: Create a virtual private gateway<\/figcaption><\/figure>\n<figure id=\"attachment_395\" aria-describedby=\"caption-attachment-395\" style=\"width: 500px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-393\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-76.jpg\" alt=\"Step2-Create a Virtual Private Gateway on FortiGate\" width=\"500\" height=\"450\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-76.jpg 817w, 
https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-76-300x270.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-76-768x692.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-76-65x59.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-76-225x203.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-76-350x315.jpg 350w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><figcaption id=\"caption-attachment-395\" class=\"wp-caption-text\">Figure 10.75: Create a virtual private gateway on FortiGate<\/figcaption><\/figure>\n<figure id=\"attachment_395\" aria-describedby=\"caption-attachment-395\" style=\"width: 1379px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-394 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-77.jpg\" alt=\"Step3-Attach Virtual Private Gateway to VPC\" width=\"1379\" height=\"591\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-77.jpg 1379w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-77-300x129.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-77-1024x439.jpg 1024w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-77-768x329.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-77-65x28.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-77-225x96.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-77-350x150.jpg 350w\" sizes=\"auto, (max-width: 1379px) 100vw, 1379px\" \/><figcaption 
id=\"caption-attachment-395\" class=\"wp-caption-text\">Figure 10.76: Attach virtual private gateway to VPC<\/figcaption><\/figure>\n<figure id=\"attachment_395\" aria-describedby=\"caption-attachment-395\" style=\"width: 500px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-395\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-78.jpg\" alt=\"Step4-Attach Virtual Private Gateway to VPC\" width=\"500\" height=\"240\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-78.jpg 818w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-78-300x144.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-78-768x369.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-78-65x31.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-78-225x108.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-78-350x168.jpg 350w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><figcaption id=\"caption-attachment-395\" class=\"wp-caption-text\">Figure 10.77: Attach virtual private gateway to VPC<\/figcaption><\/figure>\n<\/li>\n<li>Create a Site-to-Site VPN connection as follows:\n<ul>\n<li><strong>Name Tag:<\/strong> VPNAWS<\/li>\n<li><strong>Target gateway type:<\/strong> Virtual private gateway<\/li>\n<li><strong>Virtual Private Gateway:<\/strong> FortiGate<\/li>\n<li><strong>Customer Gateway ID:<\/strong> AWS-VPN-FG<\/li>\n<li><strong>Routing options:<\/strong> Static<\/li>\n<li><strong>Static IP prefixes:<\/strong> 192.168.10.0\/24<\/li>\n<li><strong>Local IPv4 network CIDR:<\/strong> 192.168.10.0\/24<\/li>\n<li><strong>Remote IPV4 network CIDR:<\/strong> 10.0.1.0\/24<\/li>\n<li><strong>Tunnel 1 and Tunnel 2 options:<\/strong> leave it as 
default<\/li>\n<\/ul>\n<figure id=\"attachment_401\" aria-describedby=\"caption-attachment-401\" style=\"width: 1377px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-396 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-79.jpg\" alt=\"Step1-Create a Site-To-Site VPN connection\" width=\"1377\" height=\"554\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-79.jpg 1377w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-79-300x121.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-79-1024x412.jpg 1024w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-79-768x309.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-79-65x26.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-79-225x91.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-79-350x141.jpg 350w\" sizes=\"auto, (max-width: 1377px) 100vw, 1377px\" \/><figcaption id=\"caption-attachment-401\" class=\"wp-caption-text\">Figure 10.78: Create a site-to-site VPN connection<\/figcaption><\/figure>\n<figure id=\"attachment_401\" aria-describedby=\"caption-attachment-401\" style=\"width: 500px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-397\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-80.jpg\" alt=\"Step2-Create a Site-To-Site VPN connection with FortiGate\" width=\"500\" height=\"454\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-80.jpg 818w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-80-300x272.jpg 300w, 
https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-80-768x697.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-80-65x59.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-80-225x204.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-80-350x317.jpg 350w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><figcaption id=\"caption-attachment-401\" class=\"wp-caption-text\">Figure 10.79: Create a site-to-site VPN connection with FortiGate<\/figcaption><\/figure>\n<figure id=\"attachment_401\" aria-describedby=\"caption-attachment-401\" style=\"width: 500px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-398\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-81.jpg\" alt=\"\" width=\"500\" height=\"486\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-81.jpg 820w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-81-300x292.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-81-768x746.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-81-65x63.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-81-225x219.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-81-350x340.jpg 350w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><figcaption id=\"caption-attachment-401\" class=\"wp-caption-text\">Figure 10.80: Create a site-to-site VPN connection with FortiGate<\/figcaption><\/figure>\n<figure id=\"attachment_401\" aria-describedby=\"caption-attachment-401\" style=\"width: 1145px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" 
decoding=\"async\" class=\"wp-image-399 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-82.jpg\" alt=\"Step4-Create a Site-To-Site VPN connection with FortiGate\" width=\"1145\" height=\"731\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-82.jpg 1145w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-82-300x192.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-82-1024x654.jpg 1024w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-82-768x490.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-82-65x41.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-82-225x144.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-82-350x223.jpg 350w\" sizes=\"auto, (max-width: 1145px) 100vw, 1145px\" \/><figcaption id=\"caption-attachment-401\" class=\"wp-caption-text\">Figure 10.81: Create a site-to-site VPN connection with FortiGate<\/figcaption><\/figure>\n<figure id=\"attachment_401\" aria-describedby=\"caption-attachment-401\" style=\"width: 400px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-400\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-83.jpg\" alt=\"Step5-Download configuration\" width=\"400\" height=\"371\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-83.jpg 610w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-83-300x278.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-83-65x60.jpg 65w, 
https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-83-225x209.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-83-350x325.jpg 350w\" sizes=\"auto, (max-width: 400px) 100vw, 400px\" \/><figcaption id=\"caption-attachment-401\" class=\"wp-caption-text\">Figure 10.82: Download configuration<\/figcaption><\/figure>\n<figure id=\"attachment_401\" aria-describedby=\"caption-attachment-401\" style=\"width: 1145px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-401 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-84.jpg\" alt=\"Step6- Verify public IP address\" width=\"1145\" height=\"613\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-84.jpg 1145w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-84-300x161.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-84-1024x548.jpg 1024w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-84-768x411.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-84-65x35.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-84-225x120.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-84-350x187.jpg 350w\" sizes=\"auto, (max-width: 1145px) 100vw, 1145px\" \/><figcaption id=\"caption-attachment-401\" class=\"wp-caption-text\">Figure 10.83: Verify public IP address<\/figcaption><\/figure>\n<\/li>\n<li>Open the configuration file that you downloaded from AWS. 
It will show phase 1 and phase 2 configuration.<br \/>\n<figure id=\"attachment_403\" aria-describedby=\"caption-attachment-403\" style=\"width: 959px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-402 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-85.jpg\" alt=\"Step7- IPSEC Phase 1\" width=\"959\" height=\"573\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-85.jpg 959w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-85-300x179.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-85-768x459.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-85-65x39.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-85-225x134.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-85-350x209.jpg 350w\" sizes=\"auto, (max-width: 959px) 100vw, 959px\" \/><figcaption id=\"caption-attachment-403\" class=\"wp-caption-text\">Figure 10.84: IPsec Phase 1<\/figcaption><\/figure>\n<figure id=\"attachment_403\" aria-describedby=\"caption-attachment-403\" style=\"width: 878px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-403 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-86.jpg\" alt=\"Step8-IPSEC Phase 2\" width=\"878\" height=\"346\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-86.jpg 878w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-86-300x118.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-86-768x303.jpg 768w, 
https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-86-65x26.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-86-225x89.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-86-350x138.jpg 350w\" sizes=\"auto, (max-width: 878px) 100vw, 878px\" \/><figcaption id=\"caption-attachment-403\" class=\"wp-caption-text\">Figure 10.85: IPsec Phase 2<\/figcaption><\/figure>\n<\/li>\n<\/ol>\n<h2>FortiGate Configuration<\/h2>\n<ol>\n<li>First, we will configure port1 and port2 IP addresses. port1 should be set as DHCP client and port2 should be set as 192.168.10.1\/24.<br \/>\n<figure id=\"attachment_405\" aria-describedby=\"caption-attachment-405\" style=\"width: 500px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-404\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-87.jpg\" alt=\"Set an IP address for port2\" width=\"500\" height=\"306\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-87.jpg 927w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-87-300x184.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-87-768x471.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-87-65x40.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-87-225x138.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-87-350x214.jpg 350w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><figcaption id=\"caption-attachment-405\" class=\"wp-caption-text\">Figure 10.86: Set an IP address for port2<\/figcaption><\/figure>\n<figure id=\"attachment_405\" aria-describedby=\"caption-attachment-405\" style=\"width: 935px\" 
class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-405 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-88.jpg\" alt=\"Port1 and Port2 IP addresses\" width=\"935\" height=\"451\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-88.jpg 935w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-88-300x145.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-88-768x370.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-88-65x31.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-88-225x109.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-88-350x169.jpg 350w\" sizes=\"auto, (max-width: 935px) 100vw, 935px\" \/><figcaption id=\"caption-attachment-405\" class=\"wp-caption-text\">Figure 10.87: Port1 and Port2 IP addresses<\/figcaption><\/figure>\n<\/li>\n<li>Create a static route to port1 (WAN port) as shown in Figure 10.88.<br \/>\n<figure id=\"attachment_406\" aria-describedby=\"caption-attachment-406\" style=\"width: 1060px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-406 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-89.jpg\" alt=\"Create a static route\" width=\"1060\" height=\"569\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-89.jpg 1060w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-89-300x161.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-89-1024x550.jpg 1024w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-89-768x412.jpg 768w, 
https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-89-65x35.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-89-225x121.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-89-350x188.jpg 350w\" sizes=\"auto, (max-width: 1060px) 100vw, 1060px\" \/><figcaption id=\"caption-attachment-406\" class=\"wp-caption-text\">Figure 10.88: Create a static route<\/figcaption><\/figure>\n<\/li>\n<li>Use the IPsec Wizard to create a custom tunnel as follows:\n<ul>\n<li><strong>Remote Gateway IP Address:<\/strong>\u00a0<em>Public_IP_Address_AWS_Virtual_Gateway<\/em><\/li>\n<li><strong>NAT Traversal:<\/strong>\u00a0Disable<\/li>\n<li><strong>Pre-shared Key:<\/strong>\u00a0<em>The same as the AWS key (psWvIznNXaD3e1bWB9mVrODkrYALmrBO)<\/em><\/li>\n<li><strong>Local Address:<\/strong>\u00a0192.168.10.0\/24<\/li>\n<li><strong>Remote Address:<\/strong>\u00a010.0.0.0\/16<\/li>\n<li><strong>Phase 1:<\/strong> Encryption: AES128, Authentication: SHA-1, DH: 2, lifetime: 28800<\/li>\n<li><strong>Phase 2:<\/strong> Encryption: AES128, Authentication: SHA-1, DH: 2, lifetime: 3600<\/li>\n<li><strong>IKE:<\/strong> version 2<\/li>\n<\/ul>\n<figure id=\"attachment_410\" aria-describedby=\"caption-attachment-410\" style=\"width: 1143px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-407 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-90.jpg\" alt=\"Step1- Create a custom VPN\" width=\"1143\" height=\"479\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-90.jpg 1143w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-90-300x126.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-90-1024x429.jpg 1024w, 
https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-90-768x322.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-90-65x27.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-90-225x94.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-90-350x147.jpg 350w\" sizes=\"auto, (max-width: 1143px) 100vw, 1143px\" \/><figcaption id=\"caption-attachment-410\" class=\"wp-caption-text\">Figure 10.89: Create a custom VPN<\/figcaption><\/figure>\n<figure id=\"attachment_410\" aria-describedby=\"caption-attachment-410\" style=\"width: 500px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-408\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-91.jpg\" alt=\"Create a custom VPN\" width=\"500\" height=\"305\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-91.jpg 897w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-91-300x183.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-91-768x468.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-91-65x40.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-91-225x137.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-91-350x213.jpg 350w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><figcaption id=\"caption-attachment-410\" class=\"wp-caption-text\">Figure 10.90: Create a custom VPN<\/figcaption><\/figure>\n<figure id=\"attachment_410\" aria-describedby=\"caption-attachment-410\" style=\"width: 500px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-409\" 
src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-92.jpg\" alt=\"Step 3- Create a custom VPN\" width=\"500\" height=\"371\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-92.jpg 912w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-92-300x223.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-92-768x570.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-92-65x48.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-92-225x167.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-92-350x260.jpg 350w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><figcaption id=\"caption-attachment-410\" class=\"wp-caption-text\">Figure 10.91: Create a custom VPN<\/figcaption><\/figure>\n<figure id=\"attachment_410\" aria-describedby=\"caption-attachment-410\" style=\"width: 500px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-410\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-93.jpg\" alt=\"Step 4- Create a custom VPN\" width=\"500\" height=\"356\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-93.jpg 1044w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-93-300x214.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-93-1024x730.jpg 1024w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-93-768x547.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-93-65x46.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-93-225x160.jpg 
225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-93-350x249.jpg 350w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><figcaption id=\"caption-attachment-410\" class=\"wp-caption-text\">Figure 10.92: Create a custom VPN<\/figcaption><\/figure>\n<\/li>\n<li>Set an IP address for FG-AWS tunnel. We will set the IP address based on the configuration file.<br \/>\n<figure id=\"attachment_413\" aria-describedby=\"caption-attachment-413\" style=\"width: 500px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-411\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-94.jpg\" alt=\"\" width=\"500\" height=\"332\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-94.jpg 707w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-94-300x199.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-94-65x43.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-94-225x149.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-94-350x232.jpg 350w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><figcaption id=\"caption-attachment-413\" class=\"wp-caption-text\">Figure 10.93: Configuration file for setting an IP address for FG-AWS tunnel<\/figcaption><\/figure>\n<figure id=\"attachment_413\" aria-describedby=\"caption-attachment-413\" style=\"width: 964px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-412 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-95.jpg\" alt=\"Step 2- Set an IP address for FG-AWS tunnel\" width=\"964\" height=\"499\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-95.jpg 964w, 
https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-95-300x155.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-95-768x398.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-95-65x34.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-95-225x116.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-95-350x181.jpg 350w\" sizes=\"auto, (max-width: 964px) 100vw, 964px\" \/><figcaption id=\"caption-attachment-413\" class=\"wp-caption-text\">Figure 10.94: Set an IP address for FG-AWS tunnel<\/figcaption><\/figure>\n<figure id=\"attachment_413\" aria-describedby=\"caption-attachment-413\" style=\"width: 500px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-413\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-96.jpg\" alt=\"Step 3- Set an IP address for FG-AWS tunnel\" width=\"500\" height=\"450\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-96.jpg 734w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-96-300x270.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-96-65x59.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-96-225x203.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-96-350x315.jpg 350w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><figcaption id=\"caption-attachment-413\" class=\"wp-caption-text\">Figure 10.95: Set an IP address for FG-AWS tunnel<\/figcaption><\/figure>\n<\/li>\n<li>Create a static route from FG-LAN to AWS-LAN. 
We will set a static route based on the configuration file.<br \/>\n<figure id=\"attachment_416\" aria-describedby=\"caption-attachment-416\" style=\"width: 731px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-414 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-97.jpg\" alt=\"Create a static route from FG-LAN to AWS-LAN\" width=\"731\" height=\"287\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-97.jpg 731w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-97-300x118.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-97-65x26.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-97-225x88.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-97-350x137.jpg 350w\" sizes=\"auto, (max-width: 731px) 100vw, 731px\" \/><figcaption id=\"caption-attachment-416\" class=\"wp-caption-text\">Figure 10.96: Configuration file for creating a static route from FG-LAN to AWS-LAN<\/figcaption><\/figure>\n<figure id=\"attachment_416\" aria-describedby=\"caption-attachment-416\" style=\"width: 1055px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-415 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-98.jpg\" alt=\"Step 2- Create static route from FG-LAN to AWS-LAN\" width=\"1055\" height=\"573\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-98.jpg 1055w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-98-300x163.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-98-1024x556.jpg 1024w, 
https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-98-768x417.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-98-65x35.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-98-225x122.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-98-350x190.jpg 350w\" sizes=\"auto, (max-width: 1055px) 100vw, 1055px\" \/><figcaption id=\"caption-attachment-416\" class=\"wp-caption-text\">Figure 10.97: Create a static route from FG-LAN to AWS-LAN<\/figcaption><\/figure>\n<figure id=\"attachment_416\" aria-describedby=\"caption-attachment-416\" style=\"width: 1076px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-416 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-99.jpg\" alt=\"Step 3- Create a static route from FG-LAN to AWS-LAN\" width=\"1076\" height=\"219\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-99.jpg 1076w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-99-300x61.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-99-1024x208.jpg 1024w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-99-768x156.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-99-65x13.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-99-225x46.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-99-350x71.jpg 350w\" sizes=\"auto, (max-width: 1076px) 100vw, 1076px\" \/><figcaption id=\"caption-attachment-416\" class=\"wp-caption-text\">Figure 10.98: Create a static route from FG-LAN to 
AWS-LAN<\/figcaption><\/figure>\n<\/li>\n<li>Create a firewall policy from Port2 to Tunnel and from Tunnel to Port2. We will create a subnet for the on-premise LAN and a subnet for AWS. Also, because this is a site-to-site VPN, NAT should be disabled on these policies.<br \/>\n<figure id=\"attachment_422\" aria-describedby=\"caption-attachment-422\" style=\"width: 400px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-417\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-100.jpg\" alt=\"Create a subnet for local network\" width=\"400\" height=\"196\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-100.jpg 539w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-100-300x147.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-100-65x32.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-100-225x110.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-100-350x171.jpg 350w\" sizes=\"auto, (max-width: 400px) 100vw, 400px\" \/><figcaption id=\"caption-attachment-422\" class=\"wp-caption-text\">Figure 10.99: Create a subnet for local network<\/figcaption><\/figure>\n<figure id=\"attachment_422\" aria-describedby=\"caption-attachment-422\" style=\"width: 400px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-418\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-101.jpg\" alt=\"Create a subnet for AWS local network\" width=\"400\" height=\"199\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-101.jpg 549w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-101-300x149.jpg 300w, 
https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-101-65x32.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-101-225x112.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-101-350x174.jpg 350w\" sizes=\"auto, (max-width: 400px) 100vw, 400px\" \/><figcaption id=\"caption-attachment-422\" class=\"wp-caption-text\">Figure 10.100: Create a subnet for AWS local network<\/figcaption><\/figure>\n<figure id=\"attachment_422\" aria-describedby=\"caption-attachment-422\" style=\"width: 1044px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-419 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-102.jpg\" alt=\"Create a policy from port2 to FG-AWS Tunnel\" width=\"1044\" height=\"743\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-102.jpg 1044w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-102-300x214.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-102-1024x729.jpg 1024w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-102-768x547.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-102-65x46.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-102-225x160.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-102-350x249.jpg 350w\" sizes=\"auto, (max-width: 1044px) 100vw, 1044px\" \/><figcaption id=\"caption-attachment-422\" class=\"wp-caption-text\">Figure 10.101: Create a policy from port2 to FG-AWS Tunnel<\/figcaption><\/figure>\n<figure id=\"attachment_422\" aria-describedby=\"caption-attachment-422\" style=\"width: 1007px\" 
class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-420 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-103.jpg\" alt=\"Create a policy from FG-AWS Tunnel to port2\" width=\"1007\" height=\"477\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-103.jpg 1007w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-103-300x142.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-103-768x364.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-103-65x31.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-103-225x107.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-103-350x166.jpg 350w\" sizes=\"auto, (max-width: 1007px) 100vw, 1007px\" \/><figcaption id=\"caption-attachment-422\" class=\"wp-caption-text\">Figure 10.102: Create a policy from FG-AWS Tunnel to port2<\/figcaption><\/figure>\n<figure id=\"attachment_422\" aria-describedby=\"caption-attachment-422\" style=\"width: 1047px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-421 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-104.jpg\" alt=\"Create a policy from AWS-FG Tunnel to port2\" width=\"1047\" height=\"744\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-104.jpg 1047w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-104-300x213.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-104-1024x728.jpg 1024w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-104-768x546.jpg 768w, 
https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-104-65x46.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-104-225x160.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-104-350x249.jpg 350w\" sizes=\"auto, (max-width: 1047px) 100vw, 1047px\" \/><figcaption id=\"caption-attachment-422\" class=\"wp-caption-text\">Figure 10.103: Create a policy from AWS-FG Tunnel to port2<\/figcaption><\/figure>\n<figure id=\"attachment_422\" aria-describedby=\"caption-attachment-422\" style=\"width: 1253px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-422 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-105.jpg\" alt=\"Firewall Policies\" width=\"1253\" height=\"308\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-105.jpg 1253w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-105-300x74.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-105-1024x252.jpg 1024w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-105-768x189.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-105-65x16.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-105-225x55.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-105-350x86.jpg 350w\" sizes=\"auto, (max-width: 1253px) 100vw, 1253px\" \/><figcaption id=\"caption-attachment-422\" class=\"wp-caption-text\">Figure 10.104: Firewall Policies Overview<\/figcaption><\/figure>\n<\/li>\n<\/ol>\n<h2>Verify Connections<\/h2>\n<p>If you navigate to IPsec Tunnel, the status should be up.<\/p>\n<figure 
id=\"attachment_424\" aria-describedby=\"caption-attachment-424\" style=\"width: 1340px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-423 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-106.jpg\" alt=\"Verify tunnel status in FortiGate (on premise)\" width=\"1340\" height=\"265\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-106.jpg 1340w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-106-300x59.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-106-1024x203.jpg 1024w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-106-768x152.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-106-65x13.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-106-225x44.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-106-350x69.jpg 350w\" sizes=\"auto, (max-width: 1340px) 100vw, 1340px\" \/><figcaption id=\"caption-attachment-424\" class=\"wp-caption-text\">Figure 10.105: Verify tunnel status in FortiGate (on premise)<\/figcaption><\/figure>\n<figure id=\"attachment_424\" aria-describedby=\"caption-attachment-424\" style=\"width: 1167px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-424 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-107.jpg\" alt=\"Verify tunnel status in AWS\" width=\"1167\" height=\"723\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-107.jpg 1167w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-107-300x186.jpg 300w, 
https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-107-1024x634.jpg 1024w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-107-768x476.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-107-65x40.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-107-225x139.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-107-350x217.jpg 350w\" sizes=\"auto, (max-width: 1167px) 100vw, 1167px\" \/><figcaption id=\"caption-attachment-424\" class=\"wp-caption-text\">Figure 10.106: Verify tunnel status in AWS<\/figcaption><\/figure>\n","protected":false},"author":124,"menu_order":4,"template":"","meta":{"pb_show_title":"on","pb_short_title":"","pb_subtitle":"","pb_authors":[],"pb_section_license":""},"chapter-type":[],"contributor":[],"license":[],"class_list":["post-425","chapter","type-chapter","status-publish","hentry"],"part":313,"_links":{"self":[{"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/425","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters"}],"about":[{"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/wp\/v2\/types\/chapter"}],"author":[{"embeddable":true,"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/wp\/v2\/users\/124"}],"version-history":[{"count":1,"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/425\/revisions"}],"predecessor-version":[{"id":426,"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/425\/revisions\/426"}],"part":[{"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/parts\/313"}],"metadata":[{"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/425\/meta
data\/"}],"wp:attachment":[{"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/wp\/v2\/media?parent=425"}],"wp:term":[{"taxonomy":"chapter-type","embeddable":true,"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapter-type?post=425"},{"taxonomy":"contributor","embeddable":true,"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/wp\/v2\/contributor?post=425"},{"taxonomy":"license","embeddable":true,"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/wp\/v2\/license?post=425"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}