Let’s look at the topology and configure ADVPN. If you’re coming from a Cisco background, you’re probably familiar with DMVPN; FortiGate has a similar flavour, called ADVPN.
Both are VPN technologies for connecting multiple sites, with minor differences.
In the topology we have 1 hub and 4 spokes. ADVPN allows the hub to dynamically inform spokes about a better path for traffic between two spokes.
Let’s start the configuration. We’re assuming that all the interfaces are already configured.
We’ll start from the hub, which is HQ in our case.
Go to VPN -> IPsec Wizard.
This brings us to the VPN Creation Wizard page, where we fill out the required info.
The hub configuration is complete; now we’ll configure Branch-1.
Branch-1
We will need to get the spoke configuration key from the hub, enter it in the “Easy configuration Key” box, and fill in the rest of the information.
The spoke configuration is complete; the rest of the spokes will be set up the same way.
We can verify the tunnel creation on the hub by going to VPN -> IPsec Tunnels.
We don’t need to create any firewall policies on the hub or the spokes; they will be created by the firewall. The policy below is created by the firewall on the hub.