- About Us
-
Secure, unlimited storage to ensures efficiency as well as high and continuous data access demand.
Virtual server integration for 3D Rendering, AI or ML
Enhance application capacity and availability.
Access to an all-inclusive stack for AI development, driven by NVIDIA’s powerful technology!
FPT Web Application Firewall provides powerful protection for web applications
Advanced virtual server with rapid scalability
Backup and restore data instantly, securely and maintain data integrity.
Advanced virtual server with rapid scalability
Access to an all-inclusive stack for AI development, driven by NVIDIA’s powerful technology!
Enhance application capacity and availability.
Backup and restore data instantly, securely and maintain data integrity.
Recovery, ensuring quick operation for the business after all incidents and disasters.
Diverse throughput and capacity to meet various business workloads.
Secure, unlimited storage to ensures efficiency as well as high and continuous data access demand.
FPT Web Application Firewall provides powerful protection for web applications
Intelligent and Comprehensive Virtual Web Application Firewall - Security Collaboration between FPT Cloud and Penta Security.
The Next generation firewall security service
Easily store, manage, deploy, and secure Container images
Safe, secure, stable, high-performance Kubernetes platform
Provided as a service to deploy, monitor, backup, restore, and scale MongoDB databases on cloud.
Provided as a service to deploy, monitor, backup, restore, and scale Redis databases on cloud.
Provided as a service to deploy, monitor, backup, restore, and scale PostgreSQL databases on cloud.
System Monitoring Solution anywhere, anytime, anyplatform
Helps reduce operational costs by up to 40% compared to traditional BI solutions, while improving efficiency through optimized resource usage and infrastructure scaling. - Pricing
- Partner
- Event
VPN Site-to-Site
-
Quick Guide
-
Detailed Instructions
-
FAQs
-
VPN Site-to-Site (new version)
- Common VPN Device Configuration
-
VPN Connection Management
- Create a VPN Connection
- Edit VPN Connection
- Enable/Disable VPN Connection
- Delete VPN Connection
- Create Customer gateway
- Edit Customer gateway
- Delete Customer gateway
- Permission access guide
- Setting up alerts via the Cloud Guard service
- Monitoring service through Monitoring feature
- Monitoring service through Logging feature
- FAQs
You must ensure the following conditions are met:
-
The VPN Site-to-Site service is set up on the FPT Cloud Portal.
-
A Palo Alto firewall is installed and enabled on the customer's side.
-
The Palo Alto firewall has been configured with three IP addresses: Management (Public IP) - WAN (Public IP) - LAN.
Step 1: Configure VPN Site-to-Site
Access and create the VPN Site-to-Site on https://console.fptcloud.com/
-Create a Customer Gateway:
-
Remote private network: LAN subnet range for peering with Palo Alto
-
Remote IP public: Public IP address of Palo Alto
-Create a VPN Connection:
A VPN connection includes three main sections:
-
General Information (contains general connection details)
-
Remote VPN Information (contains encryption and customer-side information)
-
Dead Peer Detection (number of automatic retries if the connection encounters issues)
Section 1: General Information
Note: The Pre-shared key value should be saved for configuration on Palo Alto.
Section 2: Remote VPN Information
When selecting the provider “Palo Alto,” the system automatically fills in the IKE and IPsec information as follows: For IKE:
-
Encryption algorithm: aes-256
-
Authorization algorithm: sha256
-
IKE version: ikev2
-
Lifetime units: seconds
-
Lifetime value: 28800
-
DH Group: GROUP_14
-
Phase 1 negotiation mode: main
For IPsec:
-
Encapsulation mode: tunnel
-
Encryption algorithm: aes-256
-
Authorization algorithm: sha256
-
Lifetime units: seconds
-
Lifetime value: 3600
-
Perfect forward secrecy (PFS): GROUP_14
-
Transform protocol: esp
Section 3: Dead Peer Detection
Enter the Delay and Max failure values, then click Create VPN Connection.
Step 2: Configure IPsec on Palo Alto
-
Log in to Palo Alto via the Management IP:
-
Click Add and activate the Palo Alto Zone.
-
Create a Virtual Router on Palo Alto and click OK.
-
Create WAN and LAN interfaces (for example, ethernet1/1 and ethernet1/2).
-
Create an IKE Crypto profile.
-
Create an IPSec Crypto profile.
-
Go to IPsec Tunnels:
-In the General tab, enter Peer Address as the IP from FPT created in Step 1 (e.g., 103.176.147.48).
-In the Advanced Options tab, fill in the required details:
- Create GlobalProtect IPSec:
- Create IPSec Tunnels:
Step 3: Configure Firewall and Routing on Palo Alto
To configure the firewall and routing on Palo Alto, follow the example below:
- Open any firewall policy.
Depending on your environment, configure the source and destination according to the rule.
- Configure routing between the two subnets 30.30.30.0/24 and 80.80.80.0/24 (adjust according to your actual source and destination networks).
At this point, you can open the Terminal / Command Line to test network connectivity using ping.