Thought i should write a small post about setting up a Site to Site VPN between Azure Resource Manager and a Fortigate Firewall on 5.4.
Important thing to notice here. Use Route Based VPN Type on the Azure Virtual Network Gateway for this.
I used this guide to setup our Azure IPsec tunnel from Microsoft. I recommend using there guides when it comes to azure setup. Combine these with other relevant guides. Make sure they have been recently.
Follow the MS guide and it’s straight forward. If you already have a Virtual Network Gateway and a Local Network Gateway setup and want to add a 2nd or more, go to step 6 in the Microsoft guide and set it up like you did the first one.
To add a 2nd Local Network gateway
- Go to your Local Network gateway
- Click add and create a new one. Fill inn name, IP adress of your on site VPN device, fill inn ip adress range(Can fill inn more then one), if you have an excisitng Resource Group for your local networkGW use this.
- Now go to Connections in the new Local Network gateway and click on connections. And click on add and fill inn the information you need.
Now for the Fortinet Setup
- Login to your Fortinet and go to the VPN tab
- Click IPsec Wizard
- Choose Custom
- Fill out the IP address with the Azure Virtual GW IP. You can find that here
- Then fill out the rest of the info like this, notice that NAT Traversal and Dead Peer Detection is off. And IKE V2
Change the Key Life Time on Phase 1 to 28800
Remove PFS on phase 2 and set Seconds to 27000
- Now go to static routes and create a new route to your Azure virtual network you defined.
- Now create some policy’s. Create an incoming one from the Azure site, and an outgoing from you local network. Define this as you wish.