
FortiGate to SonicWall VPN setup

Description

This article describes the basic settings to set up a VPN connection
between a FortiGate unit and a SonicWall device. Depending on the
hardware and firmware used, some settings may vary.

Components

FortiGate unit running FortiOS 3.0 or higher.
SonicWall device running SonicOS Enhanced 3.1.0.11

Steps or Commands

Configure the FortiGate unit


Configure the Phase 1 and Phase 2 VPN settings

To configure the Phase 1 settings

1. Go to VPN > IPSec > Phase 1.


2. Select Create New and enter the following:
(default values shown can be changed by admin)
Gateway Name: SonicWall
Remote Gateway: Static IP
IP Address: ip address
Mode: Main
Authentication Method: Preshared Key
Pre-shared Key: preshared key
3. Select Advanced and enter the following:

Encryption: 3DES
Authentication: SHA1
DH Group: 2
Keylife: 28800
Leave all other settings as their default.
4. Select OK.

To configure the Phase 2 settings

1. Go to VPN > IPSec > Phase 2.


2. Select Create New and enter the following:

Tunnel Name: SonicWall


Remote Gateway: Select SonicWall
3. Select Advanced and enter the following:
(default values shown can be changed by admin)
Encryption: 3DES
Authentication: SHA1
DH group: 2
Keylife: 28800
Quick Mode Identities: add the source and destination networks, as
SonicWall requires these to build the Security Associations.
4. Select OK.

Add a firewall policy


Add the source and destination addresses, then add an internal to
external policy that includes these source and destination addresses to
permit the traffic flow.

To add the addresses

1. Go to Firewall > Address.


2. Select Create New.
3. Enter a name for the address, for example FortiGate_network.
4. Enter the FortiGate IP address and subnet.
5. Select OK.
6. Select Create New.
7. Enter the name for the address, for example SonicWall_network.
8. Enter the SonicWall IP address and subnet.
9. Select OK.

To create a firewall policy for the VPN traffic going from the FortiGate
unit to the SonicWall device

1. Go to Firewall > Policy.


2. Select Create New and set the following:

Source Interface: Internal


Source Address: FortiGate_network
Destination Interface: SonicWall_network
Destination Address: WAN1 (or External)
Schedule: always
Service: ANY
Action: Encrypt
VPN Tunnel: SonicWall
Select Allow inbound
Select Allow outbound
3. Select OK.

To create a firewall policy for the VPN traffic going from the
SonicWall device to the FortiGate unit

1. Go to Firewall > Policy.


2. Select Create New and set the following:

Source Interface: WAN1 (or external)


Source IP address: SonicWall_network
Destination Interface: Internal
Destination Address Name: FortiGate_network
Schedule: always
Service: ANY
Action: Encrypt
VPN Tunnel: SonicWall
Select Allow inbound
Select Allow outbound
3. Select OK.

Configure the SonicWall Device


Create the address object for the FortiGate unit to identify the FortiGate
unit's IP address for the VPN Security Association (SA).

To create an address entry

1. Go to Network > Address Objects.


2. Select Add and enter the following:

Name: FortiGate_network
Zone Assignment: VPN
Type: Network
Network: FortiGate IP address
Netmask: FortiGate netmask
3. Select OK.

Configure the VPN settings for the VPN tunnel connection.

1. To configure the VPN, go to VPN.


2. Ensure Enable VPN is selected in the VPN Global Settings
section.
3. Select Add in the VPN Policies area.
4. Select the General tab and configure the following:
IPSec Keying Mode: IKE using Preshared Secret.
Name: FortiGate_network
IPSec primary Gateway Name or Address: IPSec gateway IP
address
Shared Secret: Preshared
Local IKE ID: IP Address (address left empty)
Peer IKE ID: IP Address (address left empty)

5. Select the Network tab and configure the following:


For the Local Networks, select Choose local network from
list and select LAN Primary Subnet.
For the Destination Networks, select Choose destination
network from list and select FortiGate_network.

6. Select the Proposals tab and configure the following:

IKE (Phase1) Proposal


Exchange: Main Mode
DH Group: Group 2
Encryption: 3DES
Authentication: SHA1
Life Time: 28800

IKE (Phase2) Proposal


Protocol: ESP
Encryption: 3DES
Authentication: SHA1
DH Group: Group 2
Life Time: 28800

7. Select the Advanced tab and select Enable Keep Alive.


8. Select OK.
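
Both procedures above only work if the two ends carry the same Phase 1 and Phase 2 proposal values and mirrored Quick Mode networks. The following check is an added example, not part of the original article or either vendor's tooling; the dictionary layout, the function names and the two sample subnets are assumptions made for illustration, while the proposal values are the ones the article sets.

```python
import copy
import ipaddress

# Proposal values are the ones the article sets on both devices.
# The two subnets are constructed sample values, not from the article.
PROPOSAL = {"encryption": "3DES", "authentication": "SHA1",
            "dh_group": 2, "keylife": 28800}
FORTIGATE = {
    "phase1": dict(PROPOSAL, mode="main"),
    "phase2": dict(PROPOSAL),
    "local_net": "192.168.1.0/24",   # FortiGate_network (constructed)
    "remote_net": "10.10.10.0/24",   # SonicWall_network (constructed)
}
SONICWALL = copy.deepcopy(FORTIGATE)
SONICWALL["local_net"], SONICWALL["remote_net"] = "10.10.10.0/24", "192.168.1.0/24"


def _norm(value):
    """Compare strings case-insensitively so 'Main' equals 'main'."""
    return value.strip().lower() if isinstance(value, str) else value


def compare_peers(a, b):
    """Return a list of settings that differ between the two tunnel ends."""
    problems = []
    for phase in ("phase1", "phase2"):
        for key in sorted(set(a[phase]) | set(b[phase])):
            va, vb = a[phase].get(key), b[phase].get(key)
            if _norm(va) != _norm(vb):
                problems.append(f"{phase}.{key}: {va!r} != {vb!r}")
    # Quick Mode identities: each side's local network must be the other
    # side's remote network (the article notes SonicWall needs these).
    for mine, theirs in (("local_net", "remote_net"), ("remote_net", "local_net")):
        net_a = ipaddress.ip_network(a[mine], strict=False)
        net_b = ipaddress.ip_network(b[theirs], strict=False)
        if net_a != net_b:
            problems.append(f"selector {mine}/{theirs}: {net_a} != {net_b}")
    return problems


if __name__ == "__main__":
    for line in compare_peers(FORTIGATE, SONICWALL) or ["no mismatches"]:
        print(line)
```
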

Related Articles
List of articles about Fortigate IPSec VPN interoperability

Last Modified Date: 09-02-2011 Document ID: 11657
