FortiGate | SDWAN VPN IPSec Site-to-Site Full Configuration
Below is the configuration of each device.
Router R2
hostname C-MPLS
!
ip name-server 8.8.8.8
ip name-server 8.8.1.1
!
interface Ethernet0/0
description LINK-HQ-FW_port3
ip address 10.10.0.1 255.255.255.0
ip nat inside
no shut
exit
!
interface Ethernet0/1
description LINK-HQ-FW_port4
ip address 10.20.0.1 255.255.255.0
ip nat inside
no shut
exit
!
interface Ethernet0/2
description LINK-BRANCH-FW_port3
ip address 10.10.1.1 255.255.255.0
ip nat inside
no shut
exit
!
interface Ethernet0/3
description LINK-BRANCH-FW_port4
ip address 10.20.1.1 255.255.255.0
ip nat inside
no shut
exit
!
interface Ethernet1/0
ip address 10.0.137.253 255.255.255.0
ip nat outside
no shut
exit
!
router ospf 1
network 0.0.0.0 255.255.255.255 area 0
!
ip nat inside source list 1 interface Ethernet1/0 overload
ip route 0.0.0.0 0.0.0.0 10.0.137.1
!
access-list 1 permit 10.10.0.0 0.0.0.255
access-list 1 permit 10.20.0.0 0.0.0.255
access-list 1 permit 10.10.1.0 0.0.0.255
access-list 1 permit 10.20.1.0 0.0.0.255
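
A quick consistency check for the R2 configuration above, as an added example that is not part of the original post: it parses the IOS lines, confirms every `ip nat inside` subnet is permitted by access-list 1, and reports when the OSPF `network` statement also matches the `ip nat outside` interface, since `network 0.0.0.0 255.255.255.255 area 0` enables OSPF on every addressed interface. The function names `wildcard_net` and `audit` are hypothetical, and the embedded config is a constructed, trimmed copy of the one shown.

```python
import ipaddress
import re
# Constructed sample: trimmed from the R2 configuration above (two of the four inside links).
CONFIG = """\
interface Ethernet0/0
 ip address 10.10.0.1 255.255.255.0
 ip nat inside
interface Ethernet0/1
 ip address 10.20.0.1 255.255.255.0
 ip nat inside
interface Ethernet1/0
 ip address 10.0.137.253 255.255.255.0
 ip nat outside
router ospf 1
 network 0.0.0.0 255.255.255.255 area 0
access-list 1 permit 10.10.0.0 0.0.0.255
access-list 1 permit 10.20.0.0 0.0.0.255
"""

def wildcard_net(addr, wildcard):
    """IOS address + wildcard mask -> network (contiguous wildcard assumed)."""
    host_bits = bin(int(ipaddress.IPv4Address(wildcard))).count("1")
    return ipaddress.ip_network((addr, 32 - host_bits), strict=False)

def audit(config, acl_id="1"):
    """Return findings: inside subnets missing from the NAT ACL, OSPF on the outside link."""
    ifaces, acl, ospf, cur = {}, [], [], None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m.group(1), {})
        elif m := re.match(r"ip address (\S+) (\S+)", line):
            cur["addr"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif m := re.match(r"ip nat (inside|outside)$", line):
            cur["nat"] = m.group(1)
        elif m := re.match(rf"access-list {acl_id} permit (\S+) (\S+)", line):
            acl.append(wildcard_net(*m.groups()))
        elif m := re.match(r"network (\S+) (\S+) area", line):
            ospf.append(wildcard_net(*m.groups()))
    findings = []
    for name, i in ifaces.items():
        addr, nat = i.get("addr"), i.get("nat")
        if addr and nat == "inside" and not any(addr.network.subnet_of(a) for a in acl):
            findings.append(f"{name}: {addr.network} is not permitted by access-list {acl_id}")
        if addr and nat == "outside" and any(addr.ip in o for o in ospf):
            findings.append(f"{name}: OSPF network statement also covers the NAT outside interface")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CONFIG)) or "no findings")
```
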
HQ-FW - SDWAN INTERNET
IP Interface
SDWAN Performance-SLA Internet
VERIFICATION:
Test ping to 8.8.8.8 (Google) from the firewall and from PC-HQ; make sure replies are received.
HQ-FW - VPN
VPN --> IPsec Wizard
VPN1
SD-WAN Zone (VPN) --> Create New --> Zone, type the zone name VPN_Link
Performance SLA VPN
SDWAN Rule VPN
And the result is as follows:
Firewall Policy Rule (allow access from LAN-HQ to Branch)
Firewall Policy Rule (allow access from Branch to LAN-HQ)
Add this configuration under SD-WAN --> Member
***Do the same on the Branch firewall
VPN VERIFICATION
Ping from PC-HQ