IPSEC VPN - Palo Alto to Fortigate ( Forti behind a NAT )
Hello community, as always thank you for your collaboration.
I understand that it is feasible, I have not had to do it, but I understand that it is possible to do the following.
Scenario:
-Palo Alto Firewall Static Public IP directly connected to PA Interface.
-Firewall Fortigate behind traditional Modem/Router/OTN almost domiciliary with dynamic public IP but with private IP in its WAN interface of the Fortigate.
I.e.:
PaloAlto-Untrust-Interface-Static dedicated Public IP=======Internet=====VPN-Site-to-Site=============Dynamic-IP-traditional-Internet-Modem-ISP=====NAT===Private WAN IP Fortigate.
I can set up a Site to Site VPN tunnel between a Palo Alto FW with dedicated static public IP coming directly to the AP against a Fortigate firewall behind a traditional ISP modem/router/nat.
Is it feasible to realize this IPSEC tunnel so that it is stable and operates correctly?
What aspects, configurations, settings, etc. should I consider when making this configuration?
Thanks as always for the collaboration, good vibes and for all the advice and your time in answering.
Greetings and very attentive to your comments.


If the forti does not have an ID option, you can indeed use the private IP address as the peer ID on the Palo