![]() Ping from Kali machine to Windows 2016 on Azure. Remember “Disable NAT” on these rules.Ĭreate a static route to allow traffic from FortiGate LAN subnets to your Azure private subnets via the IPSEC VPN site-to-site IKEv2 tunnel. Take note of the IP address of Azure VPN.Ĭreate a new network object for FortiGate.Ĭreate both access rules to allow traffic from FortiGate LAN subnets to your Azure VPN private subnets. Go to “Virtual network gateways”, and select the virtual network gateways that we have created in the previous step.Įnter a shared key (PSK) for VPN site-to-site. Go to “Local network gateway” and create a new local network gateway.Īn IP address is a public IP address of the Palo Alto firewall.Īddress space is Palo Alto’s LAN subnets. ![]() Wait around from 20 to 30 minutes to see if the Deployment will be done. Go to “Virtual network gateway” to create a new virtual network gateway. Basically I removed the Palo Alto firewall and put FortiGate in the diagram.Ĭreate a new virtual network is Azure-PA.Ĭhange default network to PrivateSubnet is 10.0.1.0.Ī subnetwork address range is 10.0.0.0/24 I have used the same topology to deploy VPN site to site between Azure and Palo Alto firewall on-prem (). This is a diagram that I have used for the lab.
0 Comments
Leave a Reply. |