Fortigate

This article will help you establish a site-to-site IPsec connection between Timus Networks and Fortigate.

IPsec tunnel between Timus - Fortigate:

Fortigate Configuration for Timus:

After going to the New VPN Tunnel page, please use the configuration below:

Network:

  • Remote Gateway: Static IP Address
  • IP Address: Enter Timus Public Gateway IP
  • Interface: Please select your Fortigate Public WAN Interface
  • Local Gateway: Disabled
  • NAT Traversal: Enabled
  • Keepalive Frequency: 10
  • Dead Peer Detection: Enabled

Authentication:

  • Method: Pre-shared Key
  • Pre-Shared Key: Enter a pre-shared key here; the same key must be entered on the Timus side too.
  • IKE Version: IKEv1
  • Mode: Main (ID protection)

Phase 1 Proposal:

  • Encryption: AES256
  • Authentication: SHA256
  • Diffie-Hellman Groups (DH Group): 14
  • Key Lifetime: 28800

Please note that the other encryption and authentication entries must be deleted. Only the configuration above should be there. You can leave any options not mentioned above as they are.

XAUTH:

  • Type: Disabled

Phase 2 Selectors:

  • Name: Enter a Phase 2 name here, like Fortigate_Timus_Phase2
  • Local Address (subnet): Enter your local subnet here, like 192.168.10.0/24
  • Remote Address (subnet): Enter Timus's WireGuard or OpenVPN subnets here. By default, 192.168.249.0/24 is for WireGuard and 192.168.255.0/24 is for OpenVPN, if you have not changed them from Timus Manager.

Phase 2 Proposal:

  • Encryption: AES256
  • Authentication: SHA256
  • Key Lifetime: 3600
  • Enable Perfect Forward Secrecy (PFS): Disabled
  • Autokey KeepAlive: Enabled

Please note that the other encryption and authentication entries must be deleted. Only the configuration above should be there. You can leave any options not mentioned above as they are.
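As an added example (not part of the original article and not Fortinet or Timus tooling), the Python sketch below checks text copied from `show full-configuration vpn ipsec phase1-interface` or `phase2-interface` against the values listed above, including the rule that no extra proposal or DH group entries remain. The mapping of GUI fields to FortiOS CLI keywords and the sample text are assumptions constructed for illustration.

```python
import re

# Values this article requires on the FortiGate side (CLI keyword -> value).
# Assumption: these FortiOS keywords correspond to the GUI fields listed above.
PHASE1 = {"ike-version": "1", "mode": "main", "proposal": "aes256-sha256",
          "dhgrp": "14", "keylife": "28800", "nattraversal": "enable",
          "keepalive": "10"}
PHASE2 = {"proposal": "aes256-sha256", "pfs": "disable",
          "keepalive": "enable", "keylifeseconds": "3600"}

def parse_settings(text):
    """Return {keyword: value} for every 'set <keyword> <value>' line."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r'\s*set\s+(\S+)\s+(.*\S)\s*$', line)
        if m:
            settings[m.group(1)] = m.group(2).replace('"', '')
    return settings

def audit(text, required):
    """List deviations from the required values; [] means the block matches."""
    found = parse_settings(text)
    problems = []
    for key, want in required.items():
        got = found.get(key)
        if got is None:
            problems.append(f"{key}: not shown (use 'show full-configuration')")
        elif got != want:
            # Also catches leftover entries, e.g. two proposals or DH groups.
            problems.append(f"{key}: expected '{want}', found '{got}'")
    if found.get("dpd") == "disable":
        problems.append("dpd: Dead Peer Detection is disabled")
    return problems

# Constructed sample: an extra proposal and an extra DH group were left in place.
SAMPLE_P1 = '''
edit "Timus"
    set ike-version 1
    set mode main
    set proposal aes128-sha256 aes256-sha256
    set dhgrp 14 5
    set keylife 28800
    set nattraversal enable
    set keepalive 10
    set dpd on-idle
next
'''

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_P1, PHASE1)) or "Phase 1 matches the article")
```

A mismatch in any of these values between the two sides is a common reason for the tunnel failing to establish, so an empty result on both phases is worth confirming before moving on to the Timus side.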

After completing the steps above, you need to define a static route for the connection of the local subnets:

Timus Configuration for Fortigate Firewall:

  • Go to Timus Manager -> Sites -> Create New. Please note that you need to have a gateway to be able to create an IPsec tunnel (Connector).

  • After clicking on Create New, you need to select Connector on top and enter an IPsec tunnel name, which is required.

Parameters:

Miscellaneous:

  • Enabling Dead Peer Detection (DPD) is highly recommended. With DPD enabled, if the IPsec tunnel goes down for some reason, it will automatically reconnect and become Established/Online again.

  • After configuring the Phase 1 IKE configuration of Timus, you need to hit Save.

  • After saving, please expand the gateway by clicking on the arrow, and click on the 3 dots at the end of the row. After that, click on View.

  • After clicking on View, you will be on the page where you can add/edit the Phase 2 configuration. Click on Create New Tunnel to create a Phase 2 configuration for your IPsec tunnel.

Phase 2 configuration of Timus:

  • After configuring the Phase 2, click on Save.
