Fortinet

The configuration guide for the Fortinet end of the Site-to-Site VPN tunnel.

In order to complete the Fortinet side of the Site-to-Site VPN connection, you must first complete the following steps from the Fortigate dashboard:

Additional Resources

For more in-depth information on Fortigate VPN configuration, refer to the Fortinet documentation.

The following describes how to accomplish the above such that the Fortinet side of the VPN connection will behave as expected.

Create a VPN tunnel

From the Fortinet dashboard, navigate to the IPsec Tunnels menu from the VPN submenu.

Select Create New, then IPsec Tunnel from the drop-down.

This will open the VPN Creation Wizard. Select Custom, then input a name for the tunnel (e.g., coreweave), then click Next.

This will open the main configuration screen for the IPSec tunnel.

Phase 1 selectors

Refer to the table below, as well as the following screenshots, to configure the settings for the Phase 1 selectors of the tunnel.

Note

Please note that some settings will be left as their default settings, and are therefore not mentioned.

Option nameInstructions

IP Address

The IP address of your VPN service in CoreWeave

Interface

Your WAN interface

Pre-shared Key

IKE

Version 2

Phase 1 Proposal - Encryption

AES128GCM

Phase 1 Proposal - PRF

PRFSHA256

Diffie-Hellman Group

14 (modp2048)

Key Lifetime

28800

Phase 2 selectors

Refer to the table below, as well as the following screenshots, to configure the settings for the Phase 2 selectors of the tunnel.

Note

Please note that some settings will be left as their default settings, and are therefore not mentioned.

Option nameInstructions

Phase 2 Proposal - Encryption

AES128GCM

Phase 2 Proposal - Diffie-Hellman Group

14 (modp2048)

Key Lifetime Seconds

3600

Once the Phase 1 and Phase 2 selectors have been configured as described above, click OK to create the tunnel. This will return you to the IPSec Tunnels dashboard.

Create a Security Policy

Without a Security Policy attached, the VPN tunnel will not appear.

To configure a Security Policy for the new tunnel, navigate to the Firewall Policy page from the Policy & Objects submenu. From here, configure the Security Policy as is appropriate for your environment. Be sure that the new policy is Enabled using the slider at the bottom of the page.

Create a static route

To configure a static route for your tunnel, navigate to the Static Routes page under the Network submenu.

Option nameInstructions

Destination

The CoreWeave VPC subnet

Interface

The newly created tunnel interface

Assign an IP address to the tunnel interface

To assign an IP address to the new tunnel interface, navigate to the Interfaces menu below the Network submenu.

The new tunnel interface will be listed under the Physical Interface you selected during the tunnel setup (this will usually be your WAN port).

Select the Tunnel Interface, then click Edit.

Clicking Edit will open the Edit Interface menu. To configure the interface, refer to the table as well as the screenshots below.

OptionInstructions

IP

The IP for the Fortinet end of the tunnel

Remote IP/Netmask

The IP for the CoreWeave end of the tunnel, including the netmask (usually /30)

Administrative Access

Select PING (This will allow you to ping the tunnel interface from the CoreWeave end of the tunnel)

Once your Tunnel Interface has been correctly configured, the tunnel should be ready to use!

Last updated