Hello community,
I am a Network Security Engineer at a small tech consulting company.
I am replacing my edge Cisco router with a FortiGate firewall. Can you please help me list out my checklist before replacing the Cisco router, especially for IPsec site-to-site VPN? What steps should be taken or verified before migration?
Thank you for your help.
You need to collect this information to configure the VPN on the FortiGate:
1/ Public IP of the remote site
2/ Phase 1 proposal (refer to the ISAKMP of the Cisco router)
3/ Phase 2 proposal (refer to the ISAKMP Phase 2, ACLs, and crypto map of the Cisco router)
4/ Routing to the remote subnet via the VPN tunnel. The most common is a static route on the FortiGate
5/ Firewall policy from LAN to VPN tunnel and from VPN tunnel to LAN
Tip: You may also need to collect the VPN configuration of the remote site in case an issue happens.
Hi there,
From my experience, when you are replacing your Cisco router with a FortiGate, the checklist items you need to do are:
1. Make sure you capture the configuration from your existing Cisco, to help you see the technical data if necessary.
2. Make sure all the IP addresses are implemented correctly for WAN and LAN, including the VLANs (if any).
3. If you are implementing an IPsec site-to-site VPN, make sure the public IP and password between the sites are correct, so the VPN can establish without any problem.
4. If you have an access list on your Cisco router, please update it on your FortiGate. Moreover, FortiGate has more sophisticated features for making the access list, like a scheduler, web app categories for what to deny and allow, etc.
5. When all of the replacements are successful, don't forget to write documentation and back up the configuration from your FortiGate periodically.
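The replies above say to capture the Cisco configuration and pull the peer IP, Phase 1 and Phase 2 settings, ACLs and crypto map from it. The following sketch does that extraction; it is an added example, not part of the original thread. It assumes classic crypto-map IOS syntax and numbered ACLs in network/wildcard form (`host`/`any` entries are skipped), and the sample config, addresses and names are constructed.

```python
import re
from ipaddress import ip_network
# Constructed sample of a Cisco IOS running-config (documentation addresses, placeholder key).
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 encr aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 86400
crypto isakmp key PLACEHOLDER-PSK address 203.0.113.10
crypto ipsec transform-set TS-AES esp-aes 256 esp-sha256-hmac
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 203.0.113.10
 set transform-set TS-AES
 set pfs group14
 match address 110
access-list 110 permit ip 192.168.10.0 0.0.0.255 10.20.0.0 0.0.255.255
"""

def wildcard_to_cidr(addr, wildcard):
    """Convert an IOS address/wildcard pair to CIDR, e.g. 10.20.0.0 0.0.255.255 -> 10.20.0.0/16."""
    mask = ".".join(str(255 - int(octet)) for octet in wildcard.split("."))
    return str(ip_network(f"{addr}/{mask}"))

def vpn_checklist(config):
    """Collect peer, Phase 1, Phase 2 and interesting-traffic data from an IOS config."""
    out = {"phase1": {}, "psk_peers": [], "transform_sets": {}, "tunnels": {}, "acls": {}}
    section = None  # dict that indented sub-commands of the current block are stored in
    for line in config.splitlines():
        if line.startswith(" ") and section is not None:
            key, _, value = line.strip().partition(" ")
            if key in ("set", "match"):  # crypto map sub-commands, e.g. "set peer X"
                key, _, value = value.partition(" ")
            section[key] = value
            continue
        section = None
        if m := re.match(r"crypto isakmp policy (\d+)", line):
            section = out["phase1"].setdefault(m[1], {})
        elif m := re.match(r"crypto isakmp key \S+ address (\S+)", line):
            out["psk_peers"].append(m[1])  # record the peer only, never the key itself
        elif m := re.match(r"crypto ipsec transform-set (\S+) (.+)", line):
            section = out["transform_sets"].setdefault(m[1], {"transforms": m[2]})
        elif m := re.match(r"crypto map (\S+) (\d+) ipsec-isakmp", line):
            section = out["tunnels"].setdefault(f"{m[1]}/{m[2]}", {})
        elif m := re.match(r"access-list (\d+) permit ip ([\d.]+) ([\d.]+) ([\d.]+) ([\d.]+)", line):
            pair = (wildcard_to_cidr(m[2], m[3]), wildcard_to_cidr(m[4], m[5]))
            out["acls"].setdefault(m[1], []).append(pair)
    return out
```

Each `tunnels` entry names the peer, transform set and ACL number, and the matching `acls` entry gives the local and remote subnets that the static route and the two firewall policies on the FortiGate need to cover.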