{"id":491,"date":"2022-05-26T22:01:20","date_gmt":"2022-05-27T02:01:20","guid":{"rendered":"https:\/\/opentextbc.ca\/fortigatefirewall\/chapter\/s2s-vpn-fortigate-on-prem-aws\/"},"modified":"2023-08-29T16:28:42","modified_gmt":"2023-08-29T20:28:42","slug":"s2s-vpn-fortigate-on-prem-aws","status":"publish","type":"chapter","link":"https:\/\/opentextbc.ca\/fortigatefirewall\/chapter\/s2s-vpn-fortigate-on-prem-aws\/","title":{"raw":"10.6 Site-to-Site VPN between FortiGate on Premise and FortiGate in the AWS","rendered":"10.6 Site-to-Site VPN between FortiGate on Premise and FortiGate in the AWS"},"content":{"raw":"<div class=\"textbox textbox--learning-objectives\"><header class=\"textbox__header\">\n<p class=\"textbox__title\">Learning Objectives<\/p>\n\n<\/header>\n<div class=\"textbox__content\">\n<ul>\n \t<li>Configure a VPN Wizard in AWS<\/li>\n \t<li>Configure site-to-site VPN between FortiGate on premise and AWS<\/li>\n \t<li>Identify FortiGate subnets in AWS<\/li>\n<\/ul>\n<\/div>\n<\/div>\n\n[caption id=\"attachment_475\" align=\"aligncenter\" width=\"1050\"]<img class=\"wp-image-475 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2022\/05\/10-156.jpg\" alt=\"Site to Site VPN between FortiGate on premise and FortiGate in the AWS\" width=\"1050\" height=\"399\"> Figure 10.154: Main scenario[\/caption]\n\n<div class=\"textbox shaded\"><strong>Scenario<\/strong>: In this lab, we are going to create a site-to-site VPN from FortiGate on premise to FortiGate in the AWS. Knowing the configuration of <a class=\"internal\" href=\"https:\/\/opentextbc.ca\/fortigatefirewall\/chapter\/deploy-fortigate-in-aws\/\">section 10.5<\/a> is necessary for this lab. 
Port1 of the on-premise FortiGate is set as a DHCP client, so it will receive an IP address from Cloud.<\/div>\n<h2>On-Premise FortiGate Configuration<\/h2>\n<table class=\"aligncenter\" style=\"width: 100%;\"><caption>Table 10.6: Devices configuration<\/caption>\n<tbody>\n<tr>\n<th scope=\"col\">Device<\/th>\n<th scope=\"col\">Interface<\/th>\n<th scope=\"col\">IP address<\/th>\n<\/tr>\n<tr>\n<td>FortiGate<\/td>\n<td>Port 1<\/td>\n<td>DHCP Client<\/td>\n<\/tr>\n<tr>\n<td>FortiGate<\/td>\n<td>Port 2<\/td>\n<td>192.168.10.1\/24<\/td>\n<\/tr>\n<tr>\n<td>WebTerm<\/td>\n<td>Eth0<\/td>\n<td>192.168.10.2\/24<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<ol>\n \t<li>Configure the interfaces of the firewall. Port2 by default is an internal interface and named \u201cLAN\u201d and Port1 is an external interface and named \u201cWAN\u201d.\n\n[caption id=\"attachment_476\" align=\"aligncenter\" width=\"841\"]<img class=\"wp-image-476 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-157.jpg\" alt=\"Firewall Interfaces\" width=\"841\" height=\"351\"> Figure 10.155: Firewall interfaces[\/caption]<\/li>\n \t<li>Create a site-to-site VPN from IPsec Wizard as Figures 10.156 to 10.158.\n\n[caption id=\"attachment_479\" align=\"aligncenter\" width=\"856\"]<img class=\"wp-image-477 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-158.jpg\" alt=\"Step1- Select VPN Name\" width=\"856\" height=\"306\"> Figure 10.156: Select VPN name[\/caption]\n\n[caption id=\"attachment_479\" align=\"aligncenter\" width=\"870\"]<img class=\"wp-image-478 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-159.jpg\" alt=\"Step2- Set remote IP Address\" width=\"870\" height=\"242\"> Figure 10.157: Set remote IP address[\/caption]\n\n[caption id=\"attachment_479\" align=\"aligncenter\" width=\"866\"]<img class=\"wp-image-479 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-160.jpg\" 
alt=\"Step3- Set Policy &amp; Routing\" width=\"866\" height=\"248\"> Figure 10.158: Set Policy &amp; Routing[\/caption]<\/li>\n \t<li>Create a static route to the default gateway.\n\n[caption id=\"attachment_480\" align=\"aligncenter\" width=\"812\"]<img class=\"wp-image-480 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-161.jpg\" alt=\"Set a default gateway\" width=\"812\" height=\"306\"> Figure 10.159: Set a default gateway[\/caption]<\/li>\n<\/ol>\n<h2>AWS Configuration<\/h2>\n<ol>\n \t<li>Create a FortiGate firewall in AWS and configure the interfaces. You need to do all steps in <a class=\"internal\" href=\"\/fortigatefirewall\/chapter\/deploy-fortigate-in-aws\/\">section 10.5<\/a>.<\/li>\n \t<li>Create a VPN from IPsec Wizard as Figures 10.160 to 10.162.\n\n[caption id=\"attachment_483\" align=\"aligncenter\" width=\"852\"]<img class=\"wp-image-481 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-162.jpg\" alt=\"Step1- Select VPN Name\" width=\"852\" height=\"271\"> Figure 10.160: Select VPN name[\/caption]\n\n[caption id=\"attachment_483\" align=\"aligncenter\" width=\"855\"]<img class=\"wp-image-482 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-163.jpg\" alt=\"\" width=\"855\" height=\"243\"> Figure 10.161: Set a remote IP address[\/caption]\n\n[caption id=\"attachment_483\" align=\"aligncenter\" width=\"856\"]<img class=\"wp-image-483 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-164.jpg\" alt=\"Step3-Set Policy &amp; Routing\" width=\"856\" height=\"274\"> Figure 10.162: Set Policy &amp; Routing[\/caption]<\/li>\n \t<li>Create static routes on FortiGate. 
We are going to create two static routes as follows:\n\n[caption id=\"attachment_486\" align=\"aligncenter\" width=\"400\"]<img class=\"wp-image-484\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-165.jpg\" alt=\"Set a default gateway via 10.0.0.1\" width=\"400\" height=\"273\"> Figure 10.163: Set a default gateway via 10.0.0.1[\/caption]\n\n[caption id=\"attachment_486\" align=\"aligncenter\" width=\"400\"]<img class=\"wp-image-485\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-166.jpg\" alt=\" Create a static route to 10.0.0.0\/16 network via 10.0.1.1\" width=\"400\" height=\"287\"> Figure 10.164: Create a static route to 10.0.0.0\/16 network via 10.0.1.1[\/caption]\n\n[caption id=\"attachment_486\" align=\"aligncenter\" width=\"937\"]<img class=\"wp-image-486 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-167.jpg\" alt=\"\" width=\"937\" height=\"233\"> Figure 10.165: Overview of static routes on FortiGate[\/caption]<\/li>\n \t<li>Go to\u00a0<strong>VPN<\/strong> &gt; <strong>IPsec Tunnels<\/strong> and check status of the tunnel.\n\n[caption id=\"attachment_488\" align=\"aligncenter\" width=\"1200\"]<img class=\"wp-image-487 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-168.jpg\" alt=\"Check status of tunnel on AWS\" width=\"1200\" height=\"320\"> Figure 10.166: Check the status of the tunnel on AWS[\/caption]\n\n[caption id=\"attachment_488\" align=\"aligncenter\" width=\"1081\"]<img class=\"wp-image-488 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-169.jpg\" alt=\"\" width=\"1081\" height=\"318\"> Figure 10.167: Check status of tunnel on FortiGate on premise[\/caption]<\/li>\n \t<li>You should be able to ping from WebTerm to Virtual Machine on AWS and vice versa.\n\n[caption id=\"attachment_490\" align=\"aligncenter\" width=\"685\"]<img class=\"wp-image-489 size-full\" 
src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-170.jpg\" alt=\"Ping from webterm to Windows VM\" width=\"685\" height=\"327\"> Figure 10.168: Ping from WebTerm to Windows VM[\/caption]\n\n[caption id=\"attachment_490\" align=\"aligncenter\" width=\"450\"]<img class=\"wp-image-490\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-171.jpg\" alt=\"Ping from Windows VM to webterm\" width=\"450\" height=\"442\"> Figure 10.169: Ping from Windows VM to WebTerm[\/caption]<\/li>\n<\/ol>","rendered":"<div class=\"textbox textbox--learning-objectives\">\n<header class=\"textbox__header\">\n<p class=\"textbox__title\">Learning Objectives<\/p>\n<\/header>\n<div class=\"textbox__content\">\n<ul>\n<li>Configure a VPN Wizard in AWS<\/li>\n<li>Configure site-to-site VPN between FortiGate on premise and AWS<\/li>\n<li>Identify FortiGate subnets in AWS<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<figure id=\"attachment_475\" aria-describedby=\"caption-attachment-475\" style=\"width: 1050px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-475 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2022\/05\/10-156.jpg\" alt=\"Site to Site VPN between FortiGate on premise and FortiGate in the AWS\" width=\"1050\" height=\"399\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2022\/05\/10-156.jpg 1050w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2022\/05\/10-156-300x114.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2022\/05\/10-156-1024x389.jpg 1024w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2022\/05\/10-156-768x292.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2022\/05\/10-156-65x25.jpg 65w, 
https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2022\/05\/10-156-225x86.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2022\/05\/10-156-350x133.jpg 350w\" sizes=\"auto, (max-width: 1050px) 100vw, 1050px\" \/><figcaption id=\"caption-attachment-475\" class=\"wp-caption-text\">Figure 10.154: Main scenario<\/figcaption><\/figure>\n<div class=\"textbox shaded\"><strong>Scenario<\/strong>: In this lab, we are going to create a site-to-site VPN from FortiGate on premise to FortiGate in the AWS. Knowing the configuration of <a class=\"internal\" href=\"https:\/\/opentextbc.ca\/fortigatefirewall\/chapter\/deploy-fortigate-in-aws\/\">section 10.5<\/a> is necessary for this lab. Port1 of the on-premise FortiGate is set as a DHCP client, so it will receive an IP address from Cloud.<\/div>\n<h2>On-Premise FortiGate Configuration<\/h2>\n<table class=\"aligncenter\" style=\"width: 100%;\">\n<caption>Table 10.6: Devices configuration<\/caption>\n<tbody>\n<tr>\n<th scope=\"col\">Device<\/th>\n<th scope=\"col\">Interface<\/th>\n<th scope=\"col\">IP address<\/th>\n<\/tr>\n<tr>\n<td>FortiGate<\/td>\n<td>Port 1<\/td>\n<td>DHCP Client<\/td>\n<\/tr>\n<tr>\n<td>FortiGate<\/td>\n<td>Port 2<\/td>\n<td>192.168.10.1\/24<\/td>\n<\/tr>\n<tr>\n<td>WebTerm<\/td>\n<td>Eth0<\/td>\n<td>192.168.10.2\/24<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<ol>\n<li>Configure the interfaces of the firewall. 
Port2 by default is an internal interface and named \u201cLAN\u201d and Port1 is an external interface and named \u201cWAN\u201d.<br \/>\n<figure id=\"attachment_476\" aria-describedby=\"caption-attachment-476\" style=\"width: 841px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-476 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-157.jpg\" alt=\"Firewall Interfaces\" width=\"841\" height=\"351\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-157.jpg 841w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-157-300x125.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-157-768x321.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-157-65x27.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-157-225x94.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-157-350x146.jpg 350w\" sizes=\"auto, (max-width: 841px) 100vw, 841px\" \/><figcaption id=\"caption-attachment-476\" class=\"wp-caption-text\">Figure 10.155: Firewall interfaces<\/figcaption><\/figure>\n<\/li>\n<li>Create a site-to-site VPN from IPsec Wizard as Figures 10.156 to 10.158.<br \/>\n<figure id=\"attachment_479\" aria-describedby=\"caption-attachment-479\" style=\"width: 856px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-477 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-158.jpg\" alt=\"Step1- Select VPN Name\" width=\"856\" height=\"306\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-158.jpg 856w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-158-300x107.jpg 
300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-158-768x275.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-158-65x23.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-158-225x80.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-158-350x125.jpg 350w\" sizes=\"auto, (max-width: 856px) 100vw, 856px\" \/><figcaption id=\"caption-attachment-479\" class=\"wp-caption-text\">Figure 10.156: Select VPN name<\/figcaption><\/figure>\n<figure id=\"attachment_479\" aria-describedby=\"caption-attachment-479\" style=\"width: 870px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-478 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-159.jpg\" alt=\"Step2- Set remote IP Address\" width=\"870\" height=\"242\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-159.jpg 870w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-159-300x83.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-159-768x214.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-159-65x18.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-159-225x63.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-159-350x97.jpg 350w\" sizes=\"auto, (max-width: 870px) 100vw, 870px\" \/><figcaption id=\"caption-attachment-479\" class=\"wp-caption-text\">Figure 10.157: Set remote IP address<\/figcaption><\/figure>\n<figure id=\"attachment_479\" aria-describedby=\"caption-attachment-479\" style=\"width: 866px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" 
decoding=\"async\" class=\"wp-image-479 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-160.jpg\" alt=\"Step3- Set Policy &amp; Routing\" width=\"866\" height=\"248\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-160.jpg 866w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-160-300x86.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-160-768x220.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-160-65x19.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-160-225x64.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-160-350x100.jpg 350w\" sizes=\"auto, (max-width: 866px) 100vw, 866px\" \/><figcaption id=\"caption-attachment-479\" class=\"wp-caption-text\">Figure 10.158: Set Policy &amp; Routing<\/figcaption><\/figure>\n<\/li>\n<li>Create a static route to the default gateway.<br \/>\n<figure id=\"attachment_480\" aria-describedby=\"caption-attachment-480\" style=\"width: 812px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-480 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-161.jpg\" alt=\"Set a default gateway\" width=\"812\" height=\"306\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-161.jpg 812w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-161-300x113.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-161-768x289.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-161-65x24.jpg 65w, 
https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-161-225x85.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-161-350x132.jpg 350w\" sizes=\"auto, (max-width: 812px) 100vw, 812px\" \/><figcaption id=\"caption-attachment-480\" class=\"wp-caption-text\">Figure 10.159: Set a default gateway<\/figcaption><\/figure>\n<\/li>\n<\/ol>\n<h2>AWS Configuration<\/h2>\n<ol>\n<li>Create a FortiGate firewall in AWS and configure the interfaces. You need to do all steps in <a class=\"internal\" href=\"\/fortigatefirewall\/chapter\/deploy-fortigate-in-aws\/\">section 10.5<\/a>.<\/li>\n<li>Create a VPN from IPsec Wizard as Figures 10.160 to 10.162.<br \/>\n<figure id=\"attachment_483\" aria-describedby=\"caption-attachment-483\" style=\"width: 852px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-481 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-162.jpg\" alt=\"Step1- Select VPN Name\" width=\"852\" height=\"271\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-162.jpg 852w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-162-300x95.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-162-768x244.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-162-65x21.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-162-225x72.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-162-350x111.jpg 350w\" sizes=\"auto, (max-width: 852px) 100vw, 852px\" \/><figcaption id=\"caption-attachment-483\" class=\"wp-caption-text\">Figure 10.160: Select VPN name<\/figcaption><\/figure>\n<figure id=\"attachment_483\" 
aria-describedby=\"caption-attachment-483\" style=\"width: 855px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-482 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-163.jpg\" alt=\"\" width=\"855\" height=\"243\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-163.jpg 855w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-163-300x85.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-163-768x218.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-163-65x18.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-163-225x64.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-163-350x99.jpg 350w\" sizes=\"auto, (max-width: 855px) 100vw, 855px\" \/><figcaption id=\"caption-attachment-483\" class=\"wp-caption-text\">Figure 10.161: Set a remote IP address<\/figcaption><\/figure>\n<figure id=\"attachment_483\" aria-describedby=\"caption-attachment-483\" style=\"width: 856px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-483 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-164.jpg\" alt=\"Step3-Set Policy &amp; Routing\" width=\"856\" height=\"274\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-164.jpg 856w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-164-300x96.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-164-768x246.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-164-65x21.jpg 65w, 
https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-164-225x72.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-164-350x112.jpg 350w\" sizes=\"auto, (max-width: 856px) 100vw, 856px\" \/><figcaption id=\"caption-attachment-483\" class=\"wp-caption-text\">Figure 10.162: Set Policy &amp; Routing<\/figcaption><\/figure>\n<\/li>\n<li>Create static routes on FortiGate. We are going to create two static routes as follows:<br \/>\n<figure id=\"attachment_486\" aria-describedby=\"caption-attachment-486\" style=\"width: 400px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-484\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-165.jpg\" alt=\"Set a default gateway via 10.0.0.1\" width=\"400\" height=\"273\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-165.jpg 560w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-165-300x205.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-165-65x44.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-165-225x153.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-165-350x239.jpg 350w\" sizes=\"auto, (max-width: 400px) 100vw, 400px\" \/><figcaption id=\"caption-attachment-486\" class=\"wp-caption-text\">Figure 10.163: Set a default gateway via 10.0.0.1<\/figcaption><\/figure>\n<figure id=\"attachment_486\" aria-describedby=\"caption-attachment-486\" style=\"width: 400px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-485\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-166.jpg\" alt=\"Create a static route to 10.0.0.0\/16 network via 10.0.1.1\" width=\"400\" height=\"287\" 
srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-166.jpg 557w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-166-300x215.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-166-65x47.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-166-225x162.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-166-350x251.jpg 350w\" sizes=\"auto, (max-width: 400px) 100vw, 400px\" \/><figcaption id=\"caption-attachment-486\" class=\"wp-caption-text\">Figure 10.164: Create a static route to 10.0.0.0\/16 network via 10.0.1.1<\/figcaption><\/figure>\n<figure id=\"attachment_486\" aria-describedby=\"caption-attachment-486\" style=\"width: 937px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-486 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-167.jpg\" alt=\"\" width=\"937\" height=\"233\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-167.jpg 937w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-167-300x75.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-167-768x191.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-167-65x16.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-167-225x56.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-167-350x87.jpg 350w\" sizes=\"auto, (max-width: 937px) 100vw, 937px\" \/><figcaption id=\"caption-attachment-486\" class=\"wp-caption-text\">Figure 10.165: Overview of static routes on FortiGate<\/figcaption><\/figure>\n<\/li>\n<li>Go 
to\u00a0<strong>VPN<\/strong> &gt; <strong>IPsec Tunnels<\/strong> and check status of the tunnel.<br \/>\n<figure id=\"attachment_488\" aria-describedby=\"caption-attachment-488\" style=\"width: 1200px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-487 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-168.jpg\" alt=\"Check status of tunnel on AWS\" width=\"1200\" height=\"320\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-168.jpg 1200w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-168-300x80.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-168-1024x273.jpg 1024w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-168-768x205.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-168-65x17.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-168-225x60.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-168-350x93.jpg 350w\" sizes=\"auto, (max-width: 1200px) 100vw, 1200px\" \/><figcaption id=\"caption-attachment-488\" class=\"wp-caption-text\">Figure 10.166: Check the status of the tunnel on AWS<\/figcaption><\/figure>\n<figure id=\"attachment_488\" aria-describedby=\"caption-attachment-488\" style=\"width: 1081px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-488 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-169.jpg\" alt=\"\" width=\"1081\" height=\"318\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-169.jpg 1081w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-169-300x88.jpg 
300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-169-1024x301.jpg 1024w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-169-768x226.jpg 768w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-169-65x19.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-169-225x66.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-169-350x103.jpg 350w\" sizes=\"auto, (max-width: 1081px) 100vw, 1081px\" \/><figcaption id=\"caption-attachment-488\" class=\"wp-caption-text\">Figure 10.167: Check status of tunnel on FortiGate on premise<\/figcaption><\/figure>\n<\/li>\n<li>You should be able to ping from WebTerm to Virtual Machine on AWS and vice versa.<br \/>\n<figure id=\"attachment_490\" aria-describedby=\"caption-attachment-490\" style=\"width: 685px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-489 size-full\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-170.jpg\" alt=\"Ping from webterm to Windows VM\" width=\"685\" height=\"327\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-170.jpg 685w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-170-300x143.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-170-65x31.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-170-225x107.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-170-350x167.jpg 350w\" sizes=\"auto, (max-width: 685px) 100vw, 685px\" \/><figcaption id=\"caption-attachment-490\" class=\"wp-caption-text\">Figure 10.168: Ping from WebTerm to Windows VM<\/figcaption><\/figure>\n<figure 
id=\"attachment_490\" aria-describedby=\"caption-attachment-490\" style=\"width: 450px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-490\" src=\"https:\/\/opentextbc.ca\/wp-content\/uploads\/sites\/438\/2023\/08\/10-171.jpg\" alt=\"Ping from Windows VM to webterm\" width=\"450\" height=\"442\" srcset=\"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-171.jpg 658w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-171-300x295.jpg 300w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-171-65x64.jpg 65w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-171-225x221.jpg 225w, https:\/\/opentextbc.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/438\/2023\/08\/10-171-350x344.jpg 350w\" sizes=\"auto, (max-width: 450px) 100vw, 450px\" \/><figcaption id=\"caption-attachment-490\" class=\"wp-caption-text\">Figure 10.169: Ping from Windows VM to 
WebTerm<\/figcaption><\/figure>\n<\/li>\n<\/ol>\n","protected":false},"author":124,"menu_order":6,"template":"","meta":{"pb_show_title":"on","pb_short_title":"","pb_subtitle":"","pb_authors":[],"pb_section_license":""},"chapter-type":[],"contributor":[],"license":[],"class_list":["post-491","chapter","type-chapter","status-publish","hentry"],"part":313,"_links":{"self":[{"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/491","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters"}],"about":[{"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/wp\/v2\/types\/chapter"}],"author":[{"embeddable":true,"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/wp\/v2\/users\/124"}],"version-history":[{"count":1,"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/491\/revisions"}],"predecessor-version":[{"id":492,"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/491\/revisions\/492"}],"part":[{"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/parts\/313"}],"metadata":[{"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/491\/metadata\/"}],"wp:attachment":[{"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/wp\/v2\/media?parent=491"}],"wp:term":[{"taxonomy":"chapter-type","embeddable":true,"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapter-type?post=491"},{"taxonomy":"contributor","embeddable":true,"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/wp\/v2\/contributor?post=491"},{"taxonomy":"license","embeddable":true,"href":"https:\/\/opentextbc.ca\/fortigatefirewall\/wp-json\/wp\/v2\/license?post=491"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}