gcortes1
Staff
Article Id 196471

Description
This article describes an example VPN configuration between a FortiGate unit and a WatchGuard.

Solution

WatchGuard Configuration
Name: VPN-WG_to_FGT
Key Negotiation Type: isakmp (dynamic)
Remote ID Type: Domain Name
Gateway IP Address: <empty>
Gateway Identifier: demoid
(*) Shared Key: demoid
[Phase 1 Settings]
Local ID Type: IP Address
Authentication: MD5-HMAC
Encryption: 3DES-CBC
Diffie-Hellman Group: 1
Negotiation Timeouts: 8192 kilobytes, 24 hours [should be the same as on the opposite peer]
[x] Enable Aggressive Mode
Define a tunnel
[Identity:]
Name: demotunnel
[Phase 2 Settings]
Security Association Proposal:
Type: ESP (Encapsulated Security Payload)
Authentication: MD5-HMAC
Encryption: 3DES-CBC
[x] Force Key Expiration: every 8192 kilobytes, every 24 hours
Define a Routing Policy
Local: Network 
Remote: Network 
Disposition: secure
Tunnel: VPN-WG_to_FGT
[Policies can be entered multiple times; in this example there is only one active policy, and it doesn't restrict by Src Port, Protocol or Dst Port]
FortiGate Configuration
 
Go to VPN -> IPsec -> Tunnels -> New VPN, select Custom VPN Tunnel (No template) and configure:
 
Phase 1 Parameters
 
fgt-to-wg00.png
 
fgt-to-wg01.png
 
Phase 2 Parameters 
 
fgt-to-wg02.png
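Both peers must carry identical Phase 1 values, and several of the values listed for the WatchGuard above (MD5-HMAC, 3DES-CBC, Diffie-Hellman group 1, aggressive mode with a shared key) are legacy choices. The following check is an added example, not part of the original article or of either vendor's tooling: it compares two proposals and reports mismatches and legacy settings. The dictionary field names and the FortiGate-side values are assumptions constructed for illustration.

```python
# Added example: audit the two ends of an IPsec tunnel before bringing it up.
# WATCHGUARD_P1 copies the Phase 1 values listed above; FORTIGATE_P1 is a
# constructed peer with one deliberate mismatch (not taken from the article).

WATCHGUARD_P1 = {"auth": "MD5-HMAC", "enc": "3DES-CBC", "dh_group": 1,
                 "aggressive": True, "psk_auth": True,
                 "life_hours": 24, "life_kb": 8192}
FORTIGATE_P1 = dict(WATCHGUARD_P1, dh_group=5)  # constructed mismatch

# Parameters widely treated as legacy, with the reason a reviewer would record.
WEAK = {
    "auth": {"MD5-HMAC": "MD5-based integrity is deprecated; prefer SHA-256"},
    "enc": {"DES-CBC": "56-bit key; prefer AES",
            "3DES-CBC": "64-bit block cipher; prefer AES"},
    "dh_group": {1: "768-bit MODP group; prefer group 14 or higher",
                 2: "1024-bit MODP group; prefer group 14 or higher"},
}


def mismatches(local, remote):
    """Return {field: (local, remote)} for every value that differs."""
    keys = sorted(set(local) | set(remote))
    return {k: (local.get(k), remote.get(k))
            for k in keys if local.get(k) != remote.get(k)}


def weak_findings(proposal):
    """Return sorted 'field=value: reason' strings for legacy settings."""
    found = [f"{field}={proposal[field]}: {reasons[proposal[field]]}"
             for field, reasons in WEAK.items()
             if proposal.get(field) in reasons]
    if proposal.get("aggressive") and proposal.get("psk_auth"):
        found.append("aggressive=True: aggressive mode with a pre-shared key "
                     "sends identities unencrypted and exposes a PSK-derived "
                     "hash to offline guessing; use a long random key")
    return sorted(found)


if __name__ == "__main__":
    for field, (ours, theirs) in mismatches(FORTIGATE_P1, WATCHGUARD_P1).items():
        print(f"MISMATCH {field}: FortiGate={ours} WatchGuard={theirs}")
    for line in weak_findings(WATCHGUARD_P1):
        print("WEAK", line)
```

Where both devices support stronger algorithms, change the same field on both peers together so the proposals still match.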