- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
- Fortinet Community
- Knowledge Base
- FortiGate
- Basic setup: Site to Site VPN - FortiGate to Sonic...
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Not applicable
Created on 05-07-2009 01:25 PM
Article Id
192187
Description
Steps required to set up basic site to site VPN between a FortiGate running FortiOS 3.0 in NAT mode and a SonicWALL Firewall device.
Important : Fortinet is not a service provider for SonicWALL equipment and is in no way responsible for any setup questions or deficiencies found within said devices. Fortinet support will only be responsible for technical aspects of FortiGate device problem solving and troubleshooting.
Scope
Solution
Steps required to set up basic site to site VPN between a FortiGate running FortiOS 3.0 in NAT mode and a SonicWALL Firewall device.
Important : Fortinet is not a service provider for SonicWALL equipment and is in no way responsible for any setup questions or deficiencies found within said devices. Fortinet support will only be responsible for technical aspects of FortiGate device problem solving and troubleshooting.
Scope
FortiGate running in NAT mode. FortiOS 3.0.
SonicWALL device (not specific).
Solution
FortiGate Device Setting
To configure the Phase1 settings
- Go to VPN > IPSec > Phase 1.
- Select Create New and enter the following:
Gateway Name: ToSonicWall
Remote Gateway: SonicWall Static Public IP Address
IP Address: Public IP Address
Local Interface: Wan1 (if it is public interface)
Mode: Main
Authentication Method: Preshared Key
Preshared Key: preshared key
- Select Advanced and enter the following:
Encryption: 3DES
Authentication: SHA1
DH Group: 2
Keylife: 28800
Dead Peer Detection: Disabled
Leave all other settings as default. - Select OK.
To configure the Phase 2 settings
-
Go to VPN > IPSec > Phase 2.
-
Select Create New and enter the following:
Tunnel Name: SonicWallP2
Remote Gateway: Select ToSonicWall -
Select Advanced and enter the following:
Encryption: 3DES
Authentication: SHA1
Enable replay detection : Unchecked
DH group: 2
Keylife: 28800
Autokey Keep Alive : Checked
Quick Mode Selector
Source address: Internal LAN Subnet
Destination address: Remote LAN Subnet -
Select OK.
To add the addresses
- Go to Firewall > Address.
- Select Create New to create the FortiGate address.
- Enter a name for the address, for example FortiGate_network.
- Enter the FortiGate IP address and subnet. “ Internal LAN Subnet ”
- Select OK.
- Select Create New again to create the SonicWALL address.
- Enter the name for the address, for example SonicWALL_network.
- Enter the SonicWall IP address and subnet. “ Remote LAN Subnet ”
- Select OK.
To create a firewall policy for the VPN traffic going from the SonicWALL device to the FortiGate unit
- Go to Firewall > Policy.
- Select Create New and set the following:
Source Interface: Internal
Source IP address: Internal LAN Subnet
Destination Interface: WAN1 (or external)
Destination Address Name: Remote LAN Subnet
Schedule: always
Service: ANY
Action: Encrypt
VPN Tunnel: ToSonicWall
Select Allow inbound
Select Allow outbound - Select OK
Configure the SonicWALL Device
- Go to “General” tab.
- Under Security Policy
Authentication Method: IKE using Preshared Secret
Name: ToFortiGate
IPSec Primary Gateway Name or Address: FortiGate Public IP Address
Name: ToFortiGate
IPSec Primary Gateway Name or Address: FortiGate Public IP Address
IKE Authentication
Shared Secret: preshared key
Confirm Share Secret: preshared key
Shared Secret: preshared key
Confirm Share Secret: preshared key
Others leave to default.
- Create 2 addresses Internal LAN Subnet and Remote LAN Subnet.
- Go to “Network” tab.
Local Networks
Choose local network from list : Internal LAN Subnet
Choose local network from list : Internal LAN Subnet
Choose local network from list : Remote LAN Subnet
5. Go to “Proposals” tab.
IKE (Phase 1) Proposal
Exchange: Main Mode
DH Group: Group2
Encryption: 3DES
Authentication: SHA1
Life Time(seconds): 28800
Exchange: Main Mode
DH Group: Group2
Encryption: 3DES
Authentication: SHA1
Life Time(seconds): 28800
IPSec (Phase 2) Proposal
Protocol: ESP
Encryption: 3DES
Authentication: SHA1
Enable Perfect Forward Secrecy: Checked
DH Group: Group2
Life Time (seconds): 28800
Protocol: ESP
Encryption: 3DES
Authentication: SHA1
Enable Perfect Forward Secrecy: Checked
DH Group: Group2
Life Time (seconds): 28800
6. Go to “Advanced” tab.
Enable: Keep Alive
Labels:
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.