Created on 04-05-2016 07:10 AM Edited on 12-17-2021 03:21 AM By Anonymous
Description
This article describes an example VPN configuration between a FortiGate unit and a WatchGuard.
Solution
Name: VPN-WG_to_FGT
Key Negotiation Type: isakmp (dynamic)
Remote ID Type: Domain Name
Gateway IP Address: <empty>
Gateway Identifier: demoid(*)
Shared Key: demoid

[Phase 1 Settings]
Local ID Type: IP Address
Authentication: MD5-HMAC
Encryption: 3DES-CBC
Diffie-Hellman Group: 1
Negotiation Timeouts: 8192 kilobytes, 24 hours [should be the same as opposite]
[x] Enable Aggressive Mode

Define a tunnel
[Identity:]
Name: demotunnel

[Phase 2 Settings]
Security Association Proposal:
Type: ESP (Encapsulated Security Payload)
Authentication: MD5-HMAC
Encryption: 3DES-CBC
[x] Force Key Expiration: every 8192 kilobytes, every 24 hours

Define a Routing Policy
Local: Network
Remote: Network
Disposition: secure
Tunnel: VPN-WG_to_FGT
[Policies can be entered multiple times; here there is only one active policy, which does not restrict by Src Port, Protocol or Dst Port]

FortiGate Configuration
Go to VPN -> IPsec -> Tunnels -> New VPN, select Custom VPN Tunnel (No template) and configure:
Phase 1 Parameters
Phase 2 Parameters
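
The note that the timeouts "should be the same as opposite" holds for every proposal value, since the tunnel only negotiates when both ends agree. The Python sketch below is an added example, not part of the original article: it compares the two ends' settings and flags the legacy choices in this proposal (MD5, 3DES, DH group 1, aggressive mode). The FortiGate-side values, the `LEGACY` list and all function names are assumptions made for illustration.

```python
import re

# Constructed inputs in the article's "Key: Value" layout. WATCHGUARD copies the
# article's proposal values; FORTIGATE is a hypothetical far end with one
# deliberate mismatch (DH group 5) to show what the check reports.
WATCHGUARD = """\
[Phase 1 Settings]
Authentication: MD5-HMAC
Encryption: 3DES-CBC
Diffie-Hellman Group: 1
Negotiation Timeouts: 8192 kilobytes, 24 hours
[x] Enable Aggressive Mode
[Phase 2 Settings]
Authentication: MD5-HMAC
Encryption: 3DES-CBC
[x] Force Key Expiration: every 8192 kilobytes, every 24 hours
"""
FORTIGATE = WATCHGUARD.replace("Group: 1", "Group: 5")

# Assumed list of settings that are deprecated or weak for IKE/IPsec.
LEGACY = {"Authentication": {"MD5-HMAC"}, "Encryption": {"3DES-CBC"},
          "Diffie-Hellman Group": {"1"}, "Enable Aggressive Mode": {"enabled"}}

def parse(text):
    """Return {(section, key): value} from [.. Settings] headers and Key: Value lines."""
    cfg, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        head = re.fullmatch(r"\[(.+?) Settings\]", line)
        if head:
            section = head.group(1)
            continue
        line = re.sub(r"^\[x\]\s*", "", line)  # ticked checkbox prefix
        if not line:
            continue
        key, _, value = line.partition(":")
        cfg[(section, key.strip())] = value.strip() or "enabled"
    return cfg

def mismatches(a, b):
    """Keys whose values differ between the two ends (a missing key counts)."""
    return sorted(k for k in a.keys() | b.keys() if a.get(k) != b.get(k))

def legacy(cfg):
    """Keys whose configured value is on the LEGACY list."""
    return sorted(k for k, v in cfg.items() if v in LEGACY.get(k[1], ()))

if __name__ == "__main__":
    wg, fgt = parse(WATCHGUARD), parse(FORTIGATE)
    for k in mismatches(wg, fgt):
        print("MISMATCH", k, wg.get(k), "!=", fgt.get(k))
    for k in legacy(wg):
        print("LEGACY", k, wg[k])
```
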