Building Site-to-Site B2B from Unifi USG to Fortigate (500D or other models) Fortigate Configuration 1. Build a New VPN Tunnel using Custom VPN Tunnel (No Template) 2. Under Network, point to the Public Side IP of the USG (Public IP, not WAN interface) 3. Leave everything else default (NAT-T Enabled, DPD Disabled..ect) 4. Authentication, use PSK and IKEv1 with Main 5. Phase 1 Purposal, set algorithms to AES128 and SHA1, with DH 14. 6. Phase 2 Purposal, set Local Address and Remote address to 0.0.0.0/0.0.0.0 and 0.0.0.0/0.0.0.0 respectively. 7. Set Encryption to AES128/Sha1, Replay Detection and PFS enabled, along with DH14. Enable Autokey Keep Alive, and Auto-Negotiate, and save changes. 8. Build a Static Route pointing to the Far-End Destination/Segment you want to reach. 9. Build a Policy Stating which Segments can hit the Far-End Destination/B2B USG Configuration 1. This is assuming that USG is already registered to the Unifi Controller. 2. Go t
Comments
Post a Comment