Select Create New and enter the following (the default values shown can be changed by the admin):
Gateway Name: SonicWall
Remote Gateway: Static IP
IP Address: ip address
Mode: Main
Authentication Method: Preshared Key
Pre-shared Key: preshared key
Select Advanced and enter the following:
Encryption: 3DES
Authentication: SHA1
DH Group: 2
Keylife: 28800
Leave all other settings as their default.
Select Advanced and enter the following (the default values shown can be changed by the admin):
Encryption: 3DES
Authentication: SHA1
DH group: 2
Keylife: 28800
Quick Mode Identities: add the source and destination networks, because SonicWall requires them to build the Security Associations.
Add a firewall policy
Add the source and destination addresses, then add an internal-to-external policy that includes these source and destination addresses to permit the traffic flow.
To add the addresses
Go to Firewall > Address.
Select Create New.
Enter a name for the address, for example FortiGate_network.
Enter the FortiGate IP address and subnet.
Select Create New.
Enter the name for the address, for example SonicWall_network.
Enter the SonicWall IP address and subnet.
To create a firewall policy for the VPN traffic going from the FortiGate unit to the SonicWall device
Create the address object for the FortiGate unit to identify the FortiGate unit's IP address for the VPN Security Association (SA).
To create an address entry
Go to Network > Address Objects.
Select Add and enter the following:
Name: FortiGate_network
Zone Assignment: VPN
Type: Network
Network: FortiGate IP address
Netmask: FortiGate netmask
Configure the VPN settings for the VPN tunnel connection.
To configure the VPN, go to VPN.
Ensure Enable VPN is selected in the VPN Global Settings section.
Select Add in the VPN Policies area.
Select the General tab and configure the following:
IPSec Keying Mode: IKE using Preshared Secret
Name: FortiGate_network
IPSec primary Gateway Name or Address: IPSec gateway IP address
Shared Secret: Preshared
Local IKE ID: IP Address (address left empty)
Peer IKE ID: IP Address (address left empty)
Select the Network tab and configure the following:
For the Local Networks, select Choose local network from list and select LAN Primary Subnet.
For the Destination Networks, select Choose destination network from list and select FortiGate_network.
Select the Proposals tab and configure the following:
IKE (Phase1) Proposal
Exchange: Main Mode
DH Group: Group 2
Encryption: 3DES
Authentication: SHA1
Life Time: 28800
IKE (Phase2) Proposal
Protocol: ESP
Encryption: 3DES
Authentication: SHA1
DH Group: Group 2
Life Time: 28800
Select the Advanced tab and select Enable Keep Alive.
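The tunnel only comes up when both devices hold the same Phase 1 and Phase 2 proposals and mirrored Quick Mode networks. The following is an added example, not part of the original procedure or either vendor's tooling, that checks a transcription of both sides' settings for agreement. The proposal values are the ones listed above; the two networks and the dictionary layout are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample data: proposal values are the ones listed on this page;
# the two networks and the dict layout are assumptions for illustration.
FORTIGATE = {
    "phase1": {"Mode": "Main", "Encryption": "3DES", "Authentication": "SHA1",
               "DH Group": "2", "Keylife": "28800"},
    "phase2": {"Encryption": "3DES", "Authentication": "SHA1",
               "DH group": "2", "Keylife": "28800"},
    "selectors": {"source": "10.1.1.0/255.255.255.0", "destination": "192.168.50.0/24"},
}
SONICWALL = {
    "phase1": {"Exchange": "Main Mode", "DH Group": "Group 2", "Encryption": "3DES",
               "Authentication": "SHA1", "Life Time": "28800"},
    "phase2": {"Protocol": "ESP", "Encryption": "3DES", "Authentication": "SHA1",
               "DH Group": "Group 2", "Life Time": "28800"},
    "selectors": {"source": "192.168.50.0/24", "destination": "10.1.1.0/24"},
}

# The two GUIs label the same IKE parameters differently.
ALIASES = {"mode": "exchange", "keylife": "lifetime", "life time": "lifetime",
           "dh group": "dh_group"}

def normalize(settings):
    """Map vendor labels and values onto one vocabulary for comparison."""
    out = {}
    for key, value in settings.items():
        name = ALIASES.get(key.strip().lower(), key.strip().lower())
        out[name] = re.sub(r"\b(group|mode)\b", "", value.lower()).strip()
    return out

def compare(fortigate, sonicwall):
    """Return a list of settings on which the two sides disagree."""
    problems = []
    for phase in ("phase1", "phase2"):
        a, b = normalize(fortigate[phase]), normalize(sonicwall[phase])
        for name in sorted(a.keys() & b.keys()):
            if a[name] != b[name]:
                problems.append(f"{phase} {name}: FortiGate={a[name]} SonicWall={b[name]}")
    net = lambda s: ipaddress.ip_network(s, strict=False)
    f, s = fortigate["selectors"], sonicwall["selectors"]
    # Each side's source network must be the other side's destination network.
    if net(f["source"]) != net(s["destination"]) or net(f["destination"]) != net(s["source"]):
        problems.append("selectors: Quick Mode networks are not mirrored")
    return problems

if __name__ == "__main__":
    print(compare(FORTIGATE, SONICWALL) or "proposals and selectors agree")
```

Settings that exist on only one side, such as the SonicWall Protocol field, are skipped because there is nothing to compare them against.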