ADVPN with BGP as the routing protocol This recipe provides sample configuration of ADVPN with BGP as the routing protocol. The following options must be enabled for this configuration: l On the hub FortiGate, IPsec phase1-interface net-device disable must be […]

Dialup VPN FortiGate as dialup client This recipe provides sample configuration of dialup IPsec VPN and the dialup client. In this example, a branch office FortiGate connects via dialup IPsec VPN to the HQ FortiGate. The following shows the sample […]

Redundant hub and spoke VPN This recipe provides sample configuration of hub and spoke IPsec VPN. The following applies for this scenario: l The spokes have two WAN interfaces and two IPsec VPN tunnels for redundancy. l The secondary VPN […]

IPsec aggregate to achieve redundancy and traffic load-balancing The recipe gives a sample configuration of using IPsec aggregate to achieve redundancy and traffic load-balancing: l Multiple site-to-site IPsec VPN (net-device disable) tunnel interfaces as member of ipsec-aggregate l Four load-balancing […]

OSPF with IPsec VPN to achieve network redundancy This recipe provides sample configuration of using OSPF with IPsec VPN to achieve network redundancy. Route selection is based on OSPF cost calculation. It is easy to achieve ECMP or primary/secondary routes […]

Basic site-to-site VPN IPsec VPN in an HA environment This recipe provides sample configuration of site-to-site IPsec VPN in an HA environment. You must enable two options to ensure IPsec VPN traffic does not interrupt during an HA failover: session-pickup […]

SSL Inspection Certificate inspection FortiGate supports certificate inspection. The default configuration has a built-in certificate-inspection profile which you can use directly. When you use certificate inspection, the FortiGate only inspects the header information of the packets. If you do not […]