Skip to main content

Fortinet

The configuration guide for the Fortinet end of the Site-to-Site VPN tunnel.

In order to complete the Fortinet side of the Site-to-Site VPN connection, you must first complete the following steps from the Fortigate dashboard:

  1. Create a VPN Tunnel.
  2. Create a Security Policy.
  3. Create a Static Route.
  4. Assign a IP address to the tunnel interface​.
Additional Resources

For more in-depth information on Fortigate VPN configuration, refer to the Fortinet documentation.

The following describes how to accomplish the above such that the Fortinet side of the VPN connection will behave as expected.

Create a VPN tunnel

From the Fortinet dashboard, navigate to the IPsec Tunnels menu from the VPN submenu.

Select Create New, then IPsec Tunnel from the drop-down.

The IPsec tunnels configuration page from the VPN submenu

This will open the VPN Creation Wizard. Select Custom, then input a name for the tunnel (e.g., coreweave), then click Next.

The VPN configuration screen

This will open the main configuration screen for the IPSec tunnel.

Phase 1 selectors

Refer to the table below, as well as the following screenshots, to configure the settings for the Phase 1 selectors of the tunnel.

note

Please note that some settings will be left as their default settings, and are therefore not mentioned.

Option nameInstructions
IP AddressThe IP address of your VPN service in CoreWeave
InterfaceYour WAN interface
Pre-shared KeyA 32 to 64-character alphanumeric random string. ⚠️ CoreWeave will not allow a pre-shared key under 32 characters.
IKEVersion 2
Phase 1 Proposal - EncryptionAES128GCM
Phase 1 Proposal - PRFPRFSHA256
Diffie-Hellman Group14 (modp2048)
Key Lifetime28800
Phase 1 selectors menu

Phase 2 selectors

Refer to the table below, as well as the following screenshots, to configure the settings for the Phase 2 selectors of the tunnel.

note

Please note that some settings will be left as their default settings, and are therefore not mentioned.

Option nameInstructions
Phase 2 Proposal - EncryptionAES128GCM
Phase 2 Proposal - Diffie-Hellman Group14 (modp2048)
Key Lifetime Seconds3600
Phase 2 selectors menu

Once the Phase 1 and Phase 2 selectors have been configured as described above, click OK to create the tunnel. This will return you to the IPSec Tunnels dashboard.

Create a Security Policy

Without a Security Policy attached, the VPN tunnel will not appear.

To configure a Security Policy for the new tunnel, navigate to the Firewall Policy page from the Policy & Objects submenu. From here, configure the Security Policy as is appropriate for your environment. Be sure that the new policy is Enabled using the slider at the bottom of the page.

The Security Policy configuration menu

Create a static route

To configure a static route for your tunnel, navigate to the Static Routes page under the Network submenu.

Option nameInstructions
DestinationThe CoreWeave VPC subnet
InterfaceThe newly created tunnel interface
Static Route configuration options

Assign an IP address to the tunnel interface

To assign an IP address to the new tunnel interface, navigate to the Interfaces menu below the Network submenu.

The new tunnel interface will be listed under the Physical Interface you selected during the tunnel setup (this will usually be your WAN port).

Select the Tunnel Interface, then click Edit.

The network interfaces configuration menu

Clicking Edit will open the Edit Interface menu. To configure the interface, refer to the table as well as the screenshots below.

OptionInstructions
IPThe IP for the Fortinet end of the tunnel
Remote IP/NetmaskThe IP for the CoreWeave end of the tunnel, including the netmask (usually /30)
Administrative AccessSelect PING. (This will allow you to ping the tunnel interface from the CoreWeave end of the tunnel)
The interface configuration menu

Once your Tunnel Interface has been correctly configured, the tunnel should be ready to use!