Connecting a FortiGate Device to an Azure VPN Gateway

Questions and Answers

Which type of VPN gateway connection should be set for this scenario?

• Point-to-site; SSL
• Site-to-site; IPsec (correct)
• Point-to-site; IPsec
• Site-to-site; SSL

What is the purpose of the local network gateway in Azure?

• To verify the parameters configured
• To set the FortiGate external IP
• To set the on-premises subnet (correct)
• To configure custom routing settings

What is the recommended command to use when the FortiGate is behind NAT?

• diagnose debug enable
• set local-gw {ip} (correct)
• get vpn ike gateway
• diagnose debug application ike -1

What should be verified when configuring the FortiGate end of the connection?

Phase-1 and phase-2 parameters (C)

What is the purpose of the IPsec Monitor widget in FortiGate GUI?

To verify the connection from the local FortiGate to Azure (B)

Which command can be used in FortiGate CLI to get more detailed information about the VPN tunnel?

get vpn ike gateway (B)

What are the most common issues when troubleshooting the creation of the VPN tunnel?

All of the above (D)

What is the purpose of the command 'diagnose debug enable' in FortiGate?

To enable debugging for troubleshooting (A)

What should be done if the FortiGate is behind NAT?

Use the command 'set local-gw {ip}' (A)

What should be done to troubleshoot the Azure side of the VPN tunnel?

Follow the documentation in Azure (B)

Which components are required to be created within the Azure cloud for a site-to-site VPN implementation?

Gateway subnet, VPN gateway, Local network gateway, VPN gateway connection (B)

What is the purpose of the gateway subnet in Azure?

It is a subnet that is unique for each V-NET and hosts the VPN gateway. (A)

Which type of virtual network gateway is used in the site-to-site VPN implementation described in the text?

VPN gateway (B)

What type of IP address does the FortiGate device need to use as its connection peer with the Azure VPN gateway?

Public IP address (A)

What are the available VPN types for the VPN gateway in Azure?

Depends on the gateway SKU selected and connection requirements (D)

What are the possible options for configuring routing on the local FortiGate device?

Static routes, BGP (D)

Which type of virtual network gateway is not used in the course described in the text?

ExpressRoute gateway (A)

What is the purpose of the local network gateway in Azure?

It represents the local network or on-premises network that is connected to Azure. (B)

What type of topology is shown in the image on the slide?

Site-to-site topology (D)

What must be ensured between both sides in a site-to-site VPN implementation?

Connectivity (D)

Flashcards

Site-to-Site VPN

A type of VPN gateway connection that connects two networks over a secure tunnel, typically used to connect an on-premises network to an Azure virtual network.

Local Network Gateway

A resource in Azure that represents the on-premises network that you want to connect to your Azure virtual network.

set local-gw {ip}

A command used to configure the local gateway IP address on a FortiGate device when it's behind a NAT. The IP address is used to establish the VPN tunnel with Azure.

Phase 1 of IPsec

The initial negotiation phase in an IPsec VPN connection where the two devices establish a secure connection.

Phase 2 of IPsec

The second negotiation phase in an IPsec VPN connection where the two devices agree on specific security policies and parameters for data exchange.

IPsec Monitor Widget

A widget in the FortiGate GUI that monitors the VPN tunnel connection from the FortiGate device to an Azure virtual network.

get vpn ike gateway

A command used in the FortiGate CLI to obtain detailed information about the VPN tunnel, including its status, configuration, and usage.

FortiGate Device

A network security device that provides VPN functionality, typically used on the on-premises network side of a site-to-site VPN connection.

Gateway Subnet

A subnet within a virtual network in Azure that is designated to host the VPN gateway.

VPN Gateway

A type of virtual network gateway in Azure used to establish site-to-site VPN connections with on-premises networks.

Public IP Address

A type of IP address that is routable on the public internet and can be used by devices to connect to external resources.

Routing

A set of rules that define how traffic is routed within a network, either statically or dynamically.

diagnose debug enable

A feature in FortiGate that allows enabling detailed logging and troubleshooting information for specific functionalities, including VPN connections.

Site-to-Site Topology

A network topology where two distinct networks, often an on-premises network and a cloud network, are connected over a secure VPN tunnel.

Connectivity

The process of ensuring that the on-premises network and the Azure virtual network can successfully communicate with each other, often through a secure VPN tunnel.

ExpressRoute Gateway

A type of virtual network gateway in Azure used to establish connections with on-premises networks using private peering over Microsoft's global network. Not used for the site-to-site connections described in the text.