FortiGate to FortiGate IPSEC Configuration (FortiOS 6.4.0) 

This was a great tutorial, very informative, with step-by-step instructions and explanations for a newbie like me, easy to understand.

This a great material with a lot of information and explanation and besides step-by-step that can help a newbie to understand.

Cheers Mike, I have looked at a lot of other tech videos and you are able to deliver the content at slow pace, not bamboozelling us noobs with a tonne of chaff over complicating things but still giving the right amount of explanation to clearly let us know whats going on and why. Its also very useful that to explain why YOU do things the way YOU do it. I know it takes quite a lot of work to put together these videos but please know that its greatly appreciated. One thing I'd really like to see is a deep dive on debug flow procedures to ascertain traffic flow etc

This was simple and easy to undesrtand....i got all the point and possible errors that can be result during the setup

Amazing session, reviewing this and my NSE4 studies before jumping into NSE5. Great job and thank you!

Keep up the good work on these videos, Michael.

Thanks, that's the best explanation so far! Love you content.

Thanks, that's the best explanation so far

Thank you for this video, watching this video a few times, i learned alot & also was successfully able to create a Ipsec tunnel from a 61e to an Untangle Firewall. *thumbs Up *

great video man, i used and it works 100% thanks a lot!!!

Thanks! explained very well!

Good troubleshooting advice. One of the hardest things for me to wrap my brain around when learning routing is that you have to make sure routes work in both directions. I was great at making sure my packet got from router A to router B.. but why doesn't it ping back? Oh router B doesn't know how to reply back to router A.

I personally tend to use wizard to create my ipsec tunnel then convert to custom to rework the settings. But definitely going full custom might be better. Cant wait for the SDWAN video 😅!!

Great video rock on! I subscribed!

Great tutorial. Thanks.

Short, Simple, and Sweet! S++++++++

Love it. Thank you.

Brilliant sir... thank you very much.

Great video. You could draw sometime the layout of your network on your white board.

Very useful, thanks.

I know you addressed Blackhole routes in a previous comment but when I learned to create these tunnels, Fortinet recommended those Blackholes. I haven't tested it but they said if the tunnel goes down, traffic for the VPN session will match the default route. If you create a black hole with a higher administrative distance, if the VPN goes down traffic will match the blackhole and go back to the VPN when it comes back up. Without the Blackhole, traffic matches the default route and won't go back to the VPN tunnel when it comes back up. Again, I haven't tested it but that's what they told me when I asked why the wizard was creating those Blackholes. Typing this out, this will probably only affect existing sessions but I think the Blackhole might add a more seamless failure and recreation of a tunnel. Thanks for the video.

thanks i found this really helpfull

thanks so much, very useful

Thank u bro...for understanding the ipsec concept... could you please post video for ipsec troubleshooting

I always try to use named adresses. I use them in statics routing and phase 2 and saves me a lot of typo erros when entering adresses. That's even better when setting up multiple VPN tunnels for redundancy. Another thing I do when using redundancy is grouping vpn interfaces in a zone; then with a just a couple policies and I'm done :D

Good job.

awesome mate, thank you for sharing It

Thank you

Thank you very much Mike wow dude you just untied a knot, count me in- subscribing to join the Guru

thank you

Thanks

Nice

Unusual tranquility

quick question related to the reverse policy added after your pings were failing ? why did the IPSEC tunnel was up before if the traffic wasn't allowed ? and thank you for the video !

Can you make some GNS3 adding virtual fortigate appliance or on another software, it would be very useful

hello.. i might be wrong but please explain connecting branch fortinet 40F running on 6.4.4 to head office 6.0.11 200D ip sec connections

Excellent video, I have a question, what would be the steps to be able to access multiple subnet

can you make video about ipsec tunnel with sd wan member

Can you make a video to explain how to configure a site2site VPN between FortiGate and public VPN provider like NordVPN... ?

sorry add to below we need redundant as we are using usb dongle and wan in remote site to connect as SDWAN bundle interface to have one interface which will talk to HO (200d 6.0.11) over ipsec.. means if one either wan or usb goes down automatically other link to be as active and take over the connection with in 5 seconds...having one ipsec vpn connections at HO

since im new to this even vendor is not able to do kindly explain the trouble shooting and connecting ipsec please.. we are able to ipsec om 30E to 200D till 6.2.X but not on 30F 6.4.4

what ping-options will be in case of more than one ipsec vpn and also if we have sd-wan configured

Do recommend creating Blackhole routes for IPSec destinations, as Fortigate does automatically with the wizard? The claim is a reduction in overhead in the event a remote destination becomes unreachable. Curious what your thoughts are on this are.

please make video of ipv6 ipsec in fortinet

Do we need to manually bring up the tunnel from one of the fortigate to trigger the tunnel up?

If we have a profile based firewall, what is the diferrence i the configuration ? Still we must have the static routes ?

is creating a Normalized Interface and mapping it to the device only necessary when you're working with fortimanager?

I need to connect multiple supermarket sites to hq over dydns ipsec vpn. Which is the best fortinet model to use in the hq and supermarket sites

what if you have multiple local subnets instead of just one? we want to pass traffic from multiple subnets instead of just one.

anyone of you, have configured ipsec using ipv6.. i am try to set up it but, dont come up phase 1

which we are not able to connect

Maybe you can show something about FortiManager and explain the best practices regarding implementation with new Fortigates and Fortigates that are already in production ( with rules, vpn an so on). I'm in that position at the moment....new Fortigates (without config) are not a problem but Fortigates that are already in production are not that easy and already existing vpns can not be imported easy......VPN Manager is not a option because you have to create everything new. Maybe you can talk about how other companies are dealing with all those little "obstacles". I hope it makes sense...... :-)

So why you don't want to use the Wizard?

Any idea when 6.2.4 will be released?

It'll better if you showed us your topology.

FGT to FGT is easier than between 2 différents products (FGT to StrongSwan for exemple).. if someone have a config guide, i'm interested 😁 ! Wait debug video 🤞

I woul like to see a double nat ipsec vpn.

Fortinet tutorials with a Cisco DNA shirt. This guy just doesn't care. 😅

A 10.x.y.0/24 subnet is NOT class C! Classes are defined by the first bits of an address. Classful addressing is obsolete since 1993. Please don't use class nomenclature anymore.