Site to Site VPN Fortinet

Types Of Virtual Private Networks (VPN)

There are two main types of VPN that people can use to securely connect to corporate networks. 

1. Remote access VPN

A remote access VPN enables the user to connect their device to a network from outside their organization’s office. This device-to-network approach typically involves a user connecting their laptop, smartphone, or tablet to a network through their VPN. For organizations with changing IP addresses, dynamic DNS (DDNS) can help maintain consistent VPN connectivity by automatically updating domain names with the correct IP address.

Increasingly, advances in VPN technology enable security checks to be carried out to ensure the device is secure before it is granted permission to connect. Remote access VPNs include cloud VPNs, which enable users to securely access applications and data via their web browser.

2. Site-to-Site VPN

A site-to-site VPN enables connections between multiple networks. This network-to-network approach is typically used to connect multiple offices or branch locations to a central office. Site-to-site VPN encryption is useful for organizations with several offices based in various geographical locations. It enables them to share resources from a primary network, such as email servers or data storage facilities, across multiple locations. It also allows access to all users as if servers were located in the physical office. 

How does a site-to-site VPN work?

A site-to-site VPN creates a secure connection between two or more networks at different locations. It encrypts data transmitted between these networks over the public internet, forming a virtual “tunnel” for secure communication.

A site-to-site VPN securely connects separate office networks, allowing them to function as one cohesive network. This enables secure communication and resource sharing between different locations, improving collaboration and productivity.

Site-to-site VPNs offer secure communication between geographically dispersed networks, reduced operational costs compared to dedicated leased lines, and centralized network management for improved efficiency.

Challenges include potential performance issues due to latency and bandwidth limitations, complexity in configuration and ongoing management, and ensuring compatibility between different VPN devices and protocols.

Site-to-site VPNs connect entire networks together, while remote access VPNs connect individual devices, like laptops or smartphones, to a network, often used by employees working remotely.

Site-to-site VPNs connect entire networks, while point-to-site VPNs connect individual devices to a network. Point-to-site offers more granular control over access for individual users and devices.

VPN, meaning a virtual private network masks your Internet protocol (IP) address, creating a private connection from a public wi-fi connection.

VPNs use virtual connections to create a private network, keeping any device you connect to a public wi-fi safe from hackers and malware, and protecting sensitive information from unauthorized viewing or interception.

A VPN masks a user’s true location to the one they set their VPN to. Common uses include; Protecting Browsing History, Hiding your Private Information, Prevent Data Throttling, and Protecting Devices. 

Access the FortiGate Admin Interface

  • Log into your FortiGate firewall using its web interface. You’ll typically find this at https://<FORTINET_IP>.

Create a VPN Configuration

  1. Go to VPN > IPSec Tunnels.
  2. Click Create New and select Custom.

Phase 1 Configuration

  1. Name: Enter a name for the tunnel.
  2. Remote Gateway: Select Static and enter the StrongSwan public IP.
  3. Interface: Choose the interface that connects to the internet.
  4. Mode: Set to Main (Identity Protection).
  5. Pre-shared Key: Enter the same shared secret used in StrongSwan.
  6. Encryption and Authentication: Use default settings (AES256, SHA256).
  7. Advanced Settings: Adjust settings based on your requirements.

Phase 2 Configuration

  1. Select the tunnel you just created.
  2. Under Phase 2 Select, click Create.
  3. Name: Provide a name.
  4. Local Subnet: Enter the StrongSwan local subnet.
  5. Remote Subnet: Enter the FortiGate remote subnet.
  6. Encryption and Authentication: Match the settings used in Phase 1.

Review Policy Route

  1. Go to Policy & Objects > IPv4 Policy.
  2. Create a new policy that allows traffic from the local network to the remote network via the VPN tunnel.

Apply Changes

Save the configuration and apply changes.