
Basic Firewall Configuration – FortiGate to MikroTik IPsec VPN
Purpose of this document
Configuration steps to create an IPsec VPN tunnel between a FortiGate firewall and a MikroTik device.
Devices used in this configuration


FortiGate VM version 5.2.1
MikroTik VM version 5.20
Network Diagram
[Diagram: FortiGate LAN 10.0.1.0/24, FortiGate WAN 10.200.1.1/24, WWW, MikroTik WAN 10.200.3.1/24, MikroTik LAN 10.0.2.0/24]
FortiGate Configuration
Phase 1 Configuration
config vpn ipsec phase1-interface
    edit "Mikrotik"
        set interface "port1"
        set proposal 3des-sha1
        set dhgrp 2
        set remote-gw 10.200.3.1
        set psksecret <PSK>
    next
end
Phase 2 Configuration
config vpn ipsec phase2-interface
    edit "Private IP"
        set phase1name "Mikrotik"
        set proposal 3des-sha1
        set dhgrp 2
        set keylifeseconds 1800
        set src-subnet 10.0.1.0 255.255.255.0
        set dst-subnet 10.0.2.0 255.255.255.0
    next
end
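Added example (not part of the original document): a small Python check that parses FortiOS-style phase 1 and phase 2 stanzas like the ones above and reports legacy choices, here 3DES, SHA-1 and DH group 2, so they can be reviewed against what both peers support. The sample text, the function names and the two legacy lists are this example's own assumptions; only flat config/edit/set stanzas are handled.

```python
import re

# Constructed sample: this page's FortiGate proposal and DH settings.
SAMPLE = '''config vpn ipsec phase1-interface
    edit "Mikrotik"
        set proposal 3des-sha1
        set dhgrp 2
    next
end
config vpn ipsec phase2-interface
    edit "Private IP"
        set proposal 3des-sha1
        set dhgrp 2
    next
end'''

LEGACY_ALGS = {"des", "3des", "md5", "sha1"}  # legacy ciphers and hashes (assumed list)
LEGACY_DH = {"1", "2", "5"}                   # MODP groups of 1536 bits or less

def parse(text):
    """Return {(section, entry): {key: [values]}} from flat config/edit/set lines."""
    out, section, entry = {}, None, None
    for line in text.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]
        if not tok:
            continue
        if tok[0] == "config":
            section, entry = " ".join(tok[1:]), None
        elif tok[0] == "edit" and section and len(tok) > 1:
            entry = tok[1]
            out[(section, entry)] = {}
        elif tok[0] == "set" and entry is not None and len(tok) > 1:
            out[(section, entry)][tok[1]] = tok[2:]
        elif tok[0] == "next":
            entry = None
    return out

def audit(text):
    """List (section, entry, setting, value) for each legacy crypto choice."""
    findings = []
    for (section, entry), kv in parse(text).items():
        if not section.startswith("vpn ipsec phase"):
            continue
        algs = [a for p in kv.get("proposal", []) for a in p.split("-")]
        findings += [(section, entry, "proposal", a) for a in algs if a in LEGACY_ALGS]
        findings += [(section, entry, "dhgrp", g) for g in kv.get("dhgrp", []) if g in LEGACY_DH]
    return findings

print(*audit(SAMPLE), sep="\n")  # six findings for the sample
```

Any change to the proposal or DH group has to be made on both peers, because phase 1 and phase 2 only come up when the two sides offer matching settings.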
Firewall Policies
LAN to Remote
config firewall policy
    edit 1
        set srcintf "port3"
        set dstintf "Mikrotik"
        set srcaddr "10.0.1.0/24"
        set dstaddr "10.0.2.0/24"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
Remote to LAN
config firewall policy
    edit 2
        set srcintf "Mikrotik"
        set dstintf "port3"
        set srcaddr "10.0.2.0/24"
        set dstaddr "10.0.1.0/24"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
Static Route
config router static
    edit 1
        set dst 10.0.2.0 255.255.255.0
        set device "Mikrotik"
    next
end
Confirmation of VPN Status
MikroTik Configuration
Phase 1
Phase 2
DH selection - Proposal
MikroTik DH Groups (PFS Group)
Confirmation of VPN Status