# FortiGate IPSec VPN Tunnel Setup
## Step 1: Access the Firewall GUI
1. Launch the firewall.
2. Enter the public IP address of the firewall in a web browser.
3. Log in using the provided credentials:
   * **Username:** admin
   * **Password:** (Received via email)


## Step 2: Create a New VPN Tunnel
1. Click on **VPN Tunnels** in the firewall dashboard.
2. Click **Create New**.
3. Select **IPSec Tunnel from Template**.
4. Enter a name for the tunnel (e.g., **VPC Peering**).
5. Click **Begin**.


## Step 3: Configure IPSec Tunnel
1. Enter a **Pre-shared Key** (randomly generated). Example (generate your own value rather than reusing this one):
   `4+w2vCVCAB7t6Po9hCwqA8dm`
2. Ensure the same pre-shared key is used on both firewalls.
3. Click **Next**.

## Step 4: Configure Remote Firewall Settings
1. Enter the **Public IP** address of the remote firewall.
2. Update the **VPC CIDR** of the remote firewall.
3. Click **Next**.

## Step 5: Configure Interface Settings
1. Set **Outgoing Interface** to **port1**.
2. Set **Local Interface** to **port2**.
3. Click **Next**.

After you click **Next**, the wizard shows the resulting configuration for review. Check it, then click **Submit**.

## Step 6: Finalizing the Configuration
1. Click **Submit**.
2. You may receive a **500: Internal Server Error** message.
   * Ignore this and click **Submit** again.
3. The firewall GUI may go down due to the tunnel using **port 443**.

## Step 7: Change Firewall GUI Port
1. Log in to the firewall CLI.
2. Execute the following commands to change the GUI port to **444**:

   ```
   config system global
       set admin-sport 444
   end
   ```
3. Access the firewall GUI using the new port: [https://164.52.220.91:444/](https://164.52.220.91:444/)
4. Check that the firewall policy has been added.

## Step 8: Configure the Second Firewall
1. Repeat the same steps on the second FortiGate firewall:
   * Update the **Remote Firewall IP**.
   * Update the **Remote VPC CIDR**.
   * Change the GUI port to **444** using CLI.
   * Verify that the firewall policies have been added correctly.

## Step 9: Verify Configuration
1. Ensure that both firewalls have the VPN tunnel established.
2. Check firewall policies to confirm that the VPC peering connection is configured properly.
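
A pre-flight check for the values entered in Steps 3, 4 and 8, as an added example that is not part of the original guide or any Fortinet tool: it generates a random pre-shared key and confirms that the two firewalls' settings mirror each other. The names `TunnelSide`, `new_psk` and `check_pair` are hypothetical, the sample addresses are constructed from documentation ranges, and the overlap check assumes no NAT is applied on the tunnel.

```python
import hmac
import ipaddress
import secrets
from dataclasses import dataclass


@dataclass
class TunnelSide:
    """Values entered in the IPSec wizard on one firewall (hypothetical record)."""
    name: str
    public_ip: str    # this firewall's own public IP
    local_cidr: str   # VPC CIDR behind this firewall
    remote_ip: str    # "Public IP" of the remote firewall (Step 4)
    remote_cidr: str  # "VPC CIDR" of the remote firewall (Step 4)
    psk: str          # pre-shared key (Step 3)


def new_psk(nbytes: int = 18) -> str:
    """Generate a pre-shared key from the OS CSPRNG (18 bytes -> 24 characters)."""
    return secrets.token_urlsafe(nbytes)


def check_pair(a: TunnelSide, b: TunnelSide) -> list[str]:
    """Return the mismatches between the two sides; an empty list means consistent."""
    problems = []
    # Step 3: the same key must be entered on both firewalls.
    if not hmac.compare_digest(a.psk.encode(), b.psk.encode()):
        problems.append("pre-shared keys differ")
    # Steps 4 and 8: each side's "remote" values must be the other side's own values.
    for x, y in ((a, b), (b, a)):
        if ipaddress.ip_address(x.remote_ip) != ipaddress.ip_address(y.public_ip):
            problems.append(f"{x.name}: remote IP is not {y.name}'s public IP")
        if ipaddress.ip_network(x.remote_cidr) != ipaddress.ip_network(y.local_cidr):
            problems.append(f"{x.name}: remote CIDR is not {y.name}'s VPC CIDR")
    # Assumption: no NAT on the tunnel, so the two VPC ranges must be distinct.
    if ipaddress.ip_network(a.local_cidr).overlaps(ipaddress.ip_network(b.local_cidr)):
        problems.append("VPC CIDRs overlap (assumes no NAT on the tunnel)")
    return problems


if __name__ == "__main__":
    # Constructed sample values (documentation address ranges), not from the guide.
    key = new_psk()
    fw_a = TunnelSide("fw-a", "203.0.113.10", "10.10.0.0/16", "198.51.100.20", "10.20.0.0/16", key)
    fw_b = TunnelSide("fw-b", "198.51.100.20", "10.20.0.0/16", "203.0.113.10", "10.10.0.0/16", key)
    print(check_pair(fw_a, fw_b) or "both sides are consistent")
```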
---