Configuring a site-to-site VPN tunnel with Coro Network and FortiGate

As part of a virtual office, Coro includes the ability for customers to configure VPNs together with site-to-site tunnels.

This guide describes how to configure Coro to integrate with Fortinet's FortiGate firewall, and how to configure FortiGate to allow traffic for your VPN from both inside and outside the network.

Prerequisites

Before you start, make sure you have the following:

  • Access as an admin user to the Coro console for your workspace
  • An active subscription (or trial) for the Coro Network module
  • Access to the FortiGate admin interface. Screenshots used in this guide originate from v7.2.6.

Coro Network configuration

Configure Coro with details of your site-to-site tunnel and firewall:

  1. Log into the Coro console.
  2. Navigate to Control Panel > Network:

    Control Panel Network icon

  3. Select the Settings tab.

    Network Settings tab

  4. Select + ADD to add a new site-to-site tunnel configuration.

    Add tunnel dialog

  5. Configure your site details:

    Note

    Avoid using special characters in your site details or preshared key.

    • Site name: Enter a suitable name for your site-to-site tunnel.
    • Site description: Enter a suitable short description for this tunnel.
    • Remote gateway IP: Enter the firewall/router WAN IP address for the remote site.
    • Remote network IP: Enter the private IP address range used at the remote site.
    • Preshared key: Enter a shared password (secret) that both sites use to authenticate and secure the tunnel. Use a minimum of 20 characters, and keep a note of the key for configuration on the FortiGate device.
    • Lifetime key: Enter "86400".
  6. In the same dialog, configure the firewall settings:
    • Remote network mask: Select your local network subnet mask. For example, 16 or 24.
    • IKE version: Select "IKEv2".
    • Phase 1 encryption: Select "AES256-SHA1-D14".
    • Phase 2 encryption: Select "AES256-SHA1-D14".
    • Aggressive mode: Select "No".
  7. To save your configuration, select SAVE.
  8. Finally, make a note of your virtual office IP address; locate the IP address displayed at the top of the Virtual Office tab. You need this when configuring your FortiGate firewall.
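
The following is an added example, not part of Coro's or Fortinet's tooling: a pre-flight check that generates a preshared key meeting the constraints above and validates the tunnel values before you type them into either console. The dictionary key names are hypothetical, "special characters" is assumed to mean anything other than ASCII letters and digits, and "private" is assumed to mean an RFC 1918 range.

```python
import ipaddress
import secrets
import string

ALNUM = string.ascii_letters + string.digits  # assumption: no "special characters" means ASCII letters and digits
MIN_PSK_LEN = 20                              # minimum length stated in this guide
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
EXPECTED = {"lifetime_key": 86400, "ike_version": "IKEv2", "aggressive_mode": "No",
            "phase1_encryption": "AES256-SHA1-D14", "phase2_encryption": "AES256-SHA1-D14"}

def generate_psk(length=32):
    """Return a random alphanumeric preshared key drawn from the OS CSPRNG."""
    if length < MIN_PSK_LEN:
        raise ValueError(f"preshared key must be at least {MIN_PSK_LEN} characters")
    return "".join(secrets.choice(ALNUM) for _ in range(length))

def check_site(site):
    """Return a list of problems in a dict of tunnel values (key names are hypothetical)."""
    problems = []
    psk = site.get("preshared_key", "")
    if len(psk) < MIN_PSK_LEN:
        problems.append("preshared key shorter than 20 characters")
    if any(c not in ALNUM for c in psk):
        problems.append("preshared key contains special characters")
    for field in ("site_name", "site_description"):
        if any(c not in ALNUM + " " for c in site.get(field, "")):
            problems.append(f"{field} contains special characters")
    try:
        gw = ipaddress.ip_address(site.get("remote_gateway_ip", ""))
        if any(gw in net for net in RFC1918):
            problems.append("remote gateway IP is private, expected the WAN address")
    except ValueError:
        problems.append("remote gateway IP is not a valid address")
    try:  # strict=True rejects an address with host bits set, e.g. 192.168.10.5/24
        cidr = f"{site.get('remote_network_ip')}/{site.get('remote_network_mask')}"
        lan = ipaddress.ip_network(cidr, strict=True)
        if lan.version != 4 or not any(lan.subnet_of(net) for net in RFC1918):
            problems.append("remote network is not an RFC 1918 private range")
    except ValueError:
        problems.append("remote network IP and mask do not form a valid network")
    for key, value in EXPECTED.items():
        if site.get(key) != value:
            problems.append(f"{key} should be {value!r}")
    return problems

# Constructed sample values; 203.0.113.10 is a documentation address.
SAMPLE_SITE = dict(EXPECTED, site_name="Branch office", site_description="Tunnel to branch FortiGate",
                   remote_gateway_ip="203.0.113.10", remote_network_ip="192.168.10.0",
                   remote_network_mask=24, preshared_key=generate_psk())
```

An empty list from check_site(SAMPLE_SITE) means the values satisfy every constraint this guide states; store the generated key in a secrets manager, since the same value is entered on the FortiGate side.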

FortiGate configuration

Configure your FortiGate firewall to allow traffic from inside and outside the network:

  1. Log into your FortiGate admin interface.
  2. Navigate to VPN > IPsec Tunnels.
  3. When you create a new VPN tunnel, or edit an existing tunnel, confirm that your configuration matches the following, making sure to add Coro configuration values where indicated:
    1. In the Network section, make sure your settings match the following. Enter your Coro virtual office IP address in the IP address field:

      Network settings

    2. In the Authentication section, make sure your settings match the following. Set the encryption method to "Pre-shared Key" and specify your Coro preshared key in the field provided:

      Authentication settings

      Note

      The preshared key must match exactly as specified in the Coro site-to-site tunnel configuration, otherwise the tunnel cannot be established.

    3. In the Phase 1 Proposal section, make sure your settings match the following:

      Phase 1 settings

    4. In the XAUTH section, make sure your settings match the following:

      XAUTH settings

      Note

      This section is available only when you create a new tunnel.

    5. In the Phase 2 Selectors section, make sure your settings match the following:

      Phase 2 settings

  4. Make sure to save your configuration.

Important

You must configure a static route and firewall policy in your FortiGate configuration to allow Coro access to the subnet. Since each customer's LAN configuration may be unique, Coro cannot provide instructions. This guide describes establishing the site-to-site tunnel only.

Test the configuration

After you have completed configuration of Coro Network and your FortiGate firewall, test the connection from the Coro console:

  1. Log into the Coro console.
  2. Navigate to Control Panel > Network > Settings.
  3. Select the three-dot menu icon adjacent to your tunnel configuration, then select Test tunnel to trigger a synchronization test.
  4. Upon completion of a successful test, the Test status field updates to show Success.