Steps executed on a FortiGate 60F running FortiOS 7.2.4
Step 1: Create a Location
Go to Policy Locations and create a new Location
Add name, subnet range name and subnet range
Step 2: Create IPSEC tunnel
On the Axis Admin Portal:
Go to Settings > Connectors > Tunnel
Create a new IPsec tunnel and associate it with the Location you created in step 1
Step 3: Create a Policy Rule
Go to Policy > Rules
Add a new rule, make sure to set the Source as your home location, set the action to "Allow", and click Apply/Commit changes
Step 4: Create Custom Tunnel on the Fortigate
Click Next
Step 5: IPSEC generic settings
Chosen settings:
· Choose dynamic DNS (non-standard setting)
· Choose Mode Config (non-standard setting): the remote site will inject the default route
· NAT traversal (standard setting)
· The rest are all standard settings too
Step 6: Phase 1, PSK settings
Fill in the PSK and choose IKE version 2.
Step 7: Phase 1 proposal settings
Leave the standard settings in place, but make sure the "ID" field of the Axis Tunnel matches the "Local ID" field.
Step 8: Phase 2 settings
Just use the standard settings
Step 9: Create new SD-WAN Zone
Create a new SD-WAN Zone and add the new Axis interfaces to it
In my case: SD-WAN Zone "Overlay"
Interfaces: Axis-Primary and Axis-Backup
Step 10: Add the Axis Interfaces to IP SLA (not mandatory)
Step 11: Create SD-WAN Rule
Make sure to select the new SD-WAN Zone and appropriate source
Destination can be anything
Interfaces have to be the Axis VPN interfaces
Step 12: Add Firewall Policies
Add two Firewall Policies with NAT disabled: one from your local subnet to Axis and one from Axis to your local subnet
In my case I created a test VLAN called Axis and allocated a subnet, which I named "Axis address"
Outgoing interface should be the newly created SD-WAN Zone (Overlay in my case) for all traffic towards Axis VPN and the opposite for return traffic.
Proof that my iPhone is using Axis Cloud
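One way to check an exported configuration against the choices made in steps 5 to 7 and step 12, as an added example (not part of the original guide and not Fortinet or Axis tooling): it parses a constructed excerpt in the style of a FortiOS "show" backup and reports tunnels that are not dynamic DNS, IKE version 2 and Mode Config with the expected Local ID, plus SD-WAN zone policies that have NAT enabled. The sample values, the function names and the listed defaults (a backup omits settings left at their default, assumed here to be static gateway, IKE version 1, Mode Config off and NAT off) are assumptions.

```python
import re
# Constructed excerpt in the style of a FortiOS `show` backup; every value is a placeholder.
SAMPLE = """
config vpn ipsec phase1-interface
    edit "Axis-Primary"
        set type ddns
        set localid "WRONG-ID"
    next
end
config firewall policy
    edit 10
        set srcintf "Axis"
        set dstintf "Overlay"
        set nat enable
    next
    edit 11
        set srcintf "Overlay"
        set dstintf "Axis"
    next
end
"""
# key: (assumed FortiOS default when the line is absent, value chosen in steps 5-6)
CHECKS = {"type": ("static", "ddns"), "ike-version": ("1", "2"), "mode-cfg": ("disable", "enable")}

def parse(text):
    """Return {section: {entry: {key: [values]}}} for flat config/edit/set blocks."""
    out, sec, ent = {}, {}, {}
    for line in text.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]
        if tok[:1] == ["config"]:
            sec = out.setdefault(" ".join(tok[1:]), {})
        elif tok[:1] == ["edit"]:
            ent = sec.setdefault(tok[1], {})
        elif tok[:1] == ["set"]:
            ent[tok[1]] = tok[2:]
    return out

def audit(text, axis_ids, zone="Overlay"):
    """List deviations from steps 5-7 and 12; axis_ids maps tunnel name to the Axis tunnel ID."""
    cfg, findings = parse(text), []
    for name, p1 in cfg.get("vpn ipsec phase1-interface", {}).items():
        for key, (default, want) in CHECKS.items():
            if (p1.get(key) or [default])[0] != want:
                findings.append(f"{name}: {key} should be {want}")
        if (p1.get("localid") or [""])[0] != axis_ids.get(name):
            findings.append(f"{name}: localid does not match the Axis tunnel ID")
    for pid, pol in cfg.get("firewall policy", {}).items():
        if pol.get("nat") == ["enable"] and zone in pol.get("srcintf", []) + pol.get("dstintf", []):
            findings.append(f"policy {pid}: NAT enabled (zone {zone})")
    return findings
```

Calling audit(SAMPLE, {"Axis-Primary": "EXAMPLE-ID-1"}) flags the missing IKE version 2 and Mode Config lines, the mismatched Local ID and policy 10; policy 11 passes because an absent NAT line is treated as disabled.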