Description
Steps required to set up a basic site-to-site VPN between a FortiGate running FortiOS 3.0 in NAT mode and a SonicWALL firewall device.
Important: Fortinet is not a service provider for SonicWALL equipment and is in no way responsible for any setup questions or deficiencies found within said devices. Fortinet support will only be responsible for technical aspects of FortiGate device problem solving and troubleshooting.
Scope
FortiGate running in NAT mode, FortiOS 3.0.
SonicWALL device (not model specific).
Solution
FortiGate Device Setting
To configure the Phase 1 settings
- Go to VPN > IPSec > Phase 1.
- Select Create New and enter the following:
Gateway Name: ToSonicWall
Remote Gateway: Static IP Address
IP Address: the SonicWALL's static public IP address
Local Interface: wan1 (or whichever interface faces the Internet)
Mode: Main
Authentication Method: Preshared Key
Preshared Key: preshared key
- Select Advanced and enter the following:
Encryption: 3DES
Authentication: SHA1
DH Group: 2
Keylife: 28800
Dead Peer Detection: Disabled
Leave all other settings as default.
- Select OK.
To configure the Phase 2 settings
- Go to VPN > IPSec > Phase 2.
- Select Create New and enter the following:
Tunnel Name: SonicWallP2
Remote Gateway: Select ToSonicWall
- Select Advanced and enter the following:
Encryption: 3DES
Authentication: SHA1
Enable replay detection: Unchecked
DH group: 2
Keylife: 28800
Autokey Keep Alive: Checked
Quick Mode Selector
Source address: Internal LAN Subnet
Destination address: Remote LAN Subnet
- Select OK.
To add the addresses
- Go to Firewall > Address.
- Select Create New to create the FortiGate address.
- Enter a name for the address, for example FortiGate_network.
- Enter the FortiGate IP address and subnet (the "Internal LAN Subnet").
- Select OK.
- Select Create New again to create the SonicWALL address.
- Enter the name for the address, for example SonicWALL_network.
- Enter the SonicWALL IP address and subnet (the "Remote LAN Subnet").
- Select OK.
To create a firewall policy for the VPN traffic going from the SonicWALL device to the FortiGate unit
- Go to Firewall > Policy.
- Select Create New and set the following:
Source Interface: Internal
Source Address Name: FortiGate_network (the Internal LAN Subnet)
Destination Interface: WAN1 (or external)
Destination Address Name: SonicWALL_network (the Remote LAN Subnet)
Schedule: always
Service: ANY
Action: Encrypt
VPN Tunnel: ToSonicWall
Select Allow inbound
Select Allow outbound
- Select OK.
Configure the SonicWALL Device
1. Go to the "General" tab.
2. Under Security Policy, enter the following:
Authentication Method: IKE using Preshared Secret
Name: ToFortiGate
IPSec Primary Gateway Name or Address: FortiGate Public IP Address
IKE Authentication
Shared Secret: preshared key
Confirm Shared Secret: preshared key
Leave all other settings as default.
3. Create two address objects, Internal LAN Subnet and Remote LAN Subnet.
4. Go to the "Network" tab.
Local Networks
Choose local network from list: Internal LAN Subnet
Choose local network from list: Remote LAN Subnet
5. Go to the "Proposals" tab.
IKE (Phase 1) Proposal
Exchange: Main Mode
DH Group: Group2
Encryption: 3DES
Authentication: SHA1
Life Time (seconds): 28800
IPSec (Phase 2) Proposal
Protocol: ESP
Encryption: 3DES
Authentication: SHA1
Enable Perfect Forward Secrecy: Checked
DH Group: Group2
Life Time (seconds): 28800
6. Go to the "Advanced" tab.
Enable: Keep Alive