Connecting Azure Stack to my FortiGate Firewall
I wanted to connect my new local firewall to my Azure Stack vNet. As I described earlier this year, I did the same with my old firewall, a virtual pfSense. That was a good way to learn the real parameters and to prove them against a commercial product.
Things to configure:
- IPsec tunnel phase 1 – AES256-SHA256, DH group 2, 28800 s timeout
- IPsec tunnel phase 2 – AES256GCM, auto-negotiate on, 27000 s timeout
- IP Policy
- Static Route
Here are the tunnels configured:
The IPv4 policy, kept simple – allow ALL 😉
And let's add a static route to the Azure Stack vNet:
Here is the config template with the VPN settings for phase 1 and phase 2:
    config vpn ipsec phase1-interface
        edit "VPN-AzureStack"
            set interface "wan1"
            set ike-version 2
            set keylife 28800
            set peertype any
            set proposal aes256-sha256
            set dhgrp 2
            set remote-gw xxx.xxx.xxx.xxx
            set psksecret ENC xxxxxxx
        next
    end
    config vpn ipsec phase2-interface
        edit "VPN-AzureStack01"
            set phase1name "VPN-AzureStack"
            set proposal aes256gcm
            set pfs disable
            set auto-negotiate enable
            set keylifeseconds 27000
            set src-subnet 192.168.x.0 255.255.255.0
            set dst-subnet 192.168.y.0 255.255.255.0
        next
    end
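As an added example (not part of the original post or FortiGate's tooling), a small Python check that parses FortiOS phase 1/phase 2 blocks like the template above and flags the settings a reviewer would question: DH group 2 (1024-bit MODP, below the 2048-bit floor of current guidance) and PFS disabled. The sample config is constructed from the post's template with its placeholders kept.

```python
# Added example (not the post's own code): parse FortiOS IPsec phase 1/2 blocks and
# flag settings a reviewer would question. Sample constructed from the post's template.
FORTI_CFG = """
config vpn ipsec phase1-interface
    edit "VPN-AzureStack"
        set ike-version 2
        set proposal aes256-sha256
        set dhgrp 2
        set remote-gw xxx.xxx.xxx.xxx
    next
end
config vpn ipsec phase2-interface
    edit "VPN-AzureStack01"
        set phase1name "VPN-AzureStack"
        set proposal aes256gcm
        set pfs disable
    next
end
"""
# Groups 1, 2 and 5 are MODP-768/1024/1536, below the 2048-bit floor of current guidance.
WEAK_DH = {"1", "2", "5"}
def parse_fortios(text):
    """Turn flat FortiOS CLI (config/edit/set/next/end) into nested dicts."""
    tree, section, entry = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            section = tree.setdefault(line[7:], {})
        elif line.startswith("edit ") and section is not None:
            entry = section.setdefault(line[5:].strip('"'), {})
        elif line.startswith("set ") and entry is not None:
            key, _, value = line[4:].partition(" ")
            entry[key] = value.strip('"')  # multi-value keys stay space separated
        elif line in ("next", "end"):  # block closed; stray set lines are ignored
            entry = None
    return tree

def audit(tree):
    """Return findings for the IKE/IPsec choices in the parsed config."""
    findings = []
    for name, p1 in tree.get("vpn ipsec phase1-interface", {}).items():
        if p1.get("ike-version", "1") != "2":  # FortiOS defaults to IKEv1
            findings.append(f"{name}: IKEv1 in use, prefer IKEv2")
        weak = sorted(set(p1.get("dhgrp", "").split()) & WEAK_DH)
        if weak:
            findings.append(f"{name}: weak DH group(s) {weak}, use 14 or higher")
    for name, p2 in tree.get("vpn ipsec phase2-interface", {}).items():
        if p2.get("pfs", "enable") == "disable":
            findings.append(f"{name}: PFS disabled, child SA keys depend on phase 1 only")
    return findings
```

Run `audit(parse_fortios(FORTI_CFG))` to see the two findings for the template; a config using `set dhgrp 14` and `set pfs enable` comes back clean.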
About the Author:
Stefan works as a cloud architect at ACP in Vienna, and has worked in the industry as a business IT specialist since 1996. For many years he has been dealing with the topic of cloud transformation and digitization with a focus on Microsoft Azure. As a Microsoft partner, he holds many workshops and lectures on new cloud services. Stefan lives in Kittsee, Burgenland.
I am a Microsoft Cloud (Azure) consultant at ACP IT Solutions GmbH in Vienna.
Denninger, S. (2019). Site 2 Site VPN FortiGate to Azure Stack. Available at: https://blog.denninger.at/2019/site2site-vpn-fortigate-to-azure-stack/ [Accessed 18 May 2020].