Hủy
Cloud Insights

All documents

VPN Site-to-Site

FPT Monitoring
Billing
Billing
AI Marketplace
AI Studio
FPT AI Inference
AI Inference
AI Infrastructure
FPT Security
FPT Cloud Server
FPT DevSecOps Services
FPT Integration
FPT Database Engine
FPT Cloud Backup & DR
FPT Storage
FPT Network
FPT Container
    VPN Site-to-Site Configuration with Fortigate
    VPN Site-to-Site Configuration with Fortigate
    Updated on 31 Oct 2025
    Print: Export: PDF

    You must ensure the following conditions are met:

    • VPN Site-to-Site has been created on the Portal
    • Fortigate has been installed, enabled, and licensed on the customer side
    • Fortigate has been configured with LAN and WAN IPs

    Step 1: Configure VPN Site-to-Site

    Access and create a VPN Site-to-Site connection on https://console.fptcloud.com/ .

    -Create a Customer Gateway:

    • Remote private network: LAN subnet range to be peered with Fortigate

    • Remote IP public: Public IP of Fortigate

    -Create a VPN Connection:

    The “Pre-shared key” value should be saved for configuration on Fortigate.

    The VPN connection includes three main sections:

    • General Information (contains basic connection details)

    • Remote VPN Information (contains encryption and customer-side details)

    • Dead Peer Detection (number of automatic retries if the connection encounters issues)

    Section 1: General Information Section 2: Remote VPN Information file

    When selecting the provider “Fortigate,” the system automatically fills in the IKE and IPsec information as follows:

    For IKE:

    • Encryption algorithm: aes-256

    • Authorization algorithm: sha256

    • IKE version: ikev2

    • Lifetime units: seconds

    • Lifetime value: 28800

    • DH Group: GROUP_14

    • Phase 1 negotiation mode: main

    For IPsec:

    • Encapsulation mode: tunnel

    • Encryption algorithm: aes-256

    • Authorization algorithm: sha256

    • Lifetime units: seconds

    • Lifetime value: 3600

    • Perfect forward secrecy (PFS): GROUP_14

    • Transform protocol: esp

    Section 3: Dead Peer Detection

    Enter the Delay and Max failures values, then click Create VPN Connection.

    Step 2: Configure IPsec on Fortigate

    • Log in to the Fortigate web interface: file

    • Select IPsec Wizard: file

    • Go to IPsec Tunnels:

    -Enter the IP Address of FPT created in Step 1

    -Select the WAN interface (if multiple WANs exist, specify the one you want to use). file

    Check the connection status on the FPT Smart Cloud Portal: file

    • Enable Local Gateway and select Primary IP file

    • Set the Method to Pre-shared Key and enter the same key as in Step 1: file

    Note: If the customer’s setup is behind NAT, configure as shown below and contact L3-FPT Smart Cloud for support. file

    • Configure Phase 1 as follows: file

    If NAT is not used, ensure that NAT mode is disabled.

    • Configure Phase 2 as follows:

    -Local IP: The customer’s network range to be connected file

    Step 3: Configure Firewall and Routing on Fortigate

    • Set the firewall to Allow All for both incoming and outgoing traffic as shown below:

    From FPT Cloud to Fortigate: file

    From Fortigate to FPT Cloud: file

    Connection successfully established between FPT Cloud and Fortigate: file

    • Set the routing as shown below, where Destination is the FPT-side network (e.g., FCI – 172.30.205.0/255.255.255.0) and Interface is the IPsec Tunnel created in the previous step.

    file At this point, you can open the Terminal / Command Line and test network connectivity using ping.

    © 2025 FPT Cloud. All Rights Reserved.