Configuring tunnel interfaces and dynamic mapping
After the policy packages are installed on the FortiGates, ensure the tunnel interfaces for Port 2 and Port 3 are configured correctly.
After completing this task, you can fix the settings that were modified when Installing policy packagesSee Fixing the settings in the policy package. |
To configure the tunnel interface address in the GUI:
- Go to Device Manager > Device & Groups.
- In the tree menu, select the device you want to configure.
- Hover over the System tab and select Interface.
- Select the tunnel interface, and click Edit.
- Enter the tunnel address in the IP/Netmask and Remote/IP fields.
To configure the branch devices in the CLI:
FGT1: config system interface
edit "OL_MPLS_0"
set vdom "root"
set ip 10.254.41.2 255.255.255.255
set allowaccess ping
set type tunnel
set remote-ip 10.254.41.1 255.255.255.0
set estimated-upstream-bandwidth 1500
set estimated-downstream-bandwidth 500
set snmp-index 113
set interface "port3"
next
edit "OL_INET_0"
set vdom "root"
set ip 10.254.40.2 255.255.255.255
set allowaccess ping
set type tunnel
set remote-ip 10.254.40.1 255.255.255.0
set estimated-upstream-bandwidth 100
set estimated-downstream-bandwidth 50
set snmp-index 114
set interface "port2"
next
end
FGT2: config system interface
edit "OL_MPLS_0"
set vdom "root"
set ip 10.254.41.3 255.255.255.255
set allowaccess ping
set type tunnel
set remote-ip 10.254.41.1 255.255.255.0
set estimated-upstream-bandwidth 1500
set estimated-downstream-bandwidth 500
set snmp-index 113
set interface "port3"
next
edit "OL_INET_0"
set vdom "root"
set ip 10.254.40.3 255.255.255.255
set allowaccess ping
set type tunnel
set remote-ip 10.254.40.1 255.255.255.0
set estimated-upstream-bandwidth 100
set estimated-downstream-bandwidth 50
set snmp-index 114
set interface "port2"
next
end
To configure the hub device in the CLI:
FGTDC: config system interface
edit "OL_MPLS_0"
set vdom "root"
set ip 10.254.41.1 255.255.255.255
set allowaccess ping
set type tunnel
set remote-ip 10.254.41.254 255.255.255.0
set snmp-index 114
set interface "port3"
next
edit "OL_INET_0"
set vdom "root"
set ip 10.254.40.1 255.255.255.255
set allowaccess ping
set type tunnel
set remote-ip 10.254.40.254 255.255.255.0
set snmp-index 115
set interface "port2"
next
end