Site 2 Site VPN FortiGate to Azure Stack

Connecting Azure Stack to my FortiGate Firewall

I wanted to connect my new local Firewall to my Azure Stack vNet. As I described later this year I did it with my old firewall which was a virtual pfSense Firewall. It was very good to learn the real parameters and to proof that against a commercial product.

Things to configure:

  • IP Sec Tunnel Phase I – AES256-SHA256, DH Group 2, 28800 Timeout
  • IPSec Tunnel Phase II – AES256GCM, AutoNeg on, 27000 Timeout
  • IP Policy
  • Static Route


Here are the tunnels configured:

FortiGate

Phase I:

1azurestack

Phase II:

Edit phase 2

The IPv4 Policy to make it easy – Allow ALL 😉

Edit poicy

And lets make a static route to the Azure Stack vNet:

In the IPSec Monitor you can see your success 😉

Here is the template of the Config and the VPN Settings in Phase I and Phase II:

config vpn ipsec phase1-interface
    edit "VPN-AzureStack"
        set interface "wan1"
        set ike-version 2
        set keylife 28800
        set peertype any
        set proposal aes256-sha256
        set dhgrp 2
        set remote-gw xxx.xxx.xxx.xxx
        set psksecret ENC xxxxxxx
    next
end
config vpn ipsec phase2-interface
    edit "VPN-AzureStack01"
        set phase1name "VPN-AzureStack"
        set proposal aes256gcm
        set pfs disable
        set auto-negotiate enable
        set keylifeseconds 27000
        set src-subnet 192.168.x.0 255.255.255.0
        set dst-subnet 192.168.y.0 255.255.255.0
    next
end

DONE 😉

About the Author:

Stefan works as a cloud architect at ACP in Vienna, and has worked in the industry as a business IT specialist since 1996. For many years he has been dealing with the topic of cloud transformation and digitization with a focus on Microsoft Azure. As a Microsoft partner, he holds many workshops and lectures on new cloud services. Stefan lives in Kittsee, Burgenland.

I am a Microsoft Cloud (Azure) consultant at ACP IT Solutions GmbH in Vienna.

Reference:

Denninger, S. (2019). Site 2 Site VPN FortiGate to Azure Stack. Available at: https://blog.denninger.at/2019/site2site-vpn-fortigate-to-azure-stack/ [Accessed@ 18th May 2020].

Check out more great Azure content here

Share this on...

Rate this Post:

Share: