
FortiGate to SonicWall VPN setup

http://kb.fortinet.com/kb/viewContent.do?externalId=11657



Description

This article describes the basic settings to set up a VPN connection between a FortiGate unit and a SonicWall device. Depending on the hardware and firmware used, some settings may vary.

Components

FortiGate unit running FortiOS 3.0 or higher.
SonicWall device running SonicOS Enhanced 3.1.0.11

Steps or Commands

Configure the FortiGate unit

Configure the Phase 1 and Phase 2 VPN settings

Configure the Phase 1 settings

1. Go to VPN > IPSec > Phase 1.
2. Select Create New and enter the following (default values shown can be changed by admin):
   Gateway Name: SonicWall
   Remote Gateway: Static IP
   IP Address: ip address
   Mode: Main
   Authentication Method: Preshared Key
   Pre-shared Key: preshared key
3. Select Advanced and enter the following:
   Encryption: 3DES
   Authentication: SHA1
   DH Group: 2
   Keylife: 28800
   Leave all other settings as their default.
4. Select OK.

To configure the Phase 2 settings

1. Go to VPN > IPSec > Phase 2.
2. Select Create New and enter the following:
   Tunnel Name: SonicWall
   Remote Gateway: Select SonicWall
3. Select Advanced and enter the following (default values shown can be changed by admin):
   Encryption: 3DES
   Authentication: SHA1
   DH group: 2
   Keylife: 28800
   Quick Mode Identities: add source and destination networks, as SonicWall will require this in building the Security Associations
4. Select OK.

Add a firewall policy


Add the source and destination addresses, then add an internal-to-external policy that includes these source and destination addresses to permit the traffic flow.

To add the addresses

1. Go to Firewall > Address.
2. Select Create New.
3. Enter a name for the address, for example FortiGate_network.
4. Enter the FortiGate IP address and subnet.
5. Select OK.
6. Select Create New.
7. Enter the name for the address, for example SonicWall_network.
8. Enter the SonicWall IP address and subnet.
9. Select OK.

To create a firewall policy for the VPN traffic going from the FortiGate unit to the SonicWall device

1. Go to Firewall > Policy.
2. Select Create New and set the following:
   Source Interface: Internal
   Source Address: FortiGate_network
   Destination Interface: SonicWall_network
   Destination Address: WAN1 (or External)
   Schedule: always
   Service: ANY
   Action: Encrypt
   VPN Tunnel: SonicWall
   Select Allow inbound
   Select Allow outbound
3. Select OK.

To create a firewall policy for the VPN traffic going from the SonicWall device to the FortiGate unit

1. Go to Firewall > Policy.
2. Select Create New and set the following:
   Source Interface: WAN1 (or external)
   Source IP address: SonicWall_network
   Destination Interface: Internal
   Destination Address Name: FortiGate_network
   Schedule: always
   Service: ANY
   Action: Encrypt
   VPN Tunnel: SonicWall
   Select Allow inbound
   Select Allow outbound
3. Select OK.

Configure the SonicWall Device


Create the address object for the FortiGate unit to identify the FortiGate unit's IP address for the VPN Security Association (SA).

To create an address entry

1. Go to Network > Address Objects.
2. Select Add and enter the following:
   Name: FortiGate_network
   Zone Assignment: VPN
   Type: Network
   Network: FortiGate IP address
   Netmask: FortiGate netmask
3. Select OK.

Configure the VPN settings for the VPN tunnel connection.

1. To configure the VPN, go to VPN.
2. Ensure Enable VPN is selected in the VPN Global Settings section.
3. Select Add in the VPN Policies area.
4. Select the General tab and configure the following:
   IPSec Keying Mode: IKE using Preshared Secret.
   Name: FortiGate_network
   IPSec primary Gateway Name or Address: IPSec gateway IP address
   Shared Secret: Preshared
   Local IKE ID: IP Address (address left empty)
   Peer IKE ID: IP Address (address left empty)
5. Select the Network tab and configure the following:
   For the Local Networks, select Choose local network from list and select LAN Primary Subnet.
   For the Destination Networks, select Choose destination network from list and select FortiGate_network.
6. Select the Proposals tab and configure the following:
   IKE (Phase1) Proposal
   Exchange: Main Mode
   DH Group: Group 2
   Encryption: 3DES
   Authentication: SHA1
   Life Time: 28800
   IKE (Phase2) Proposal
   Protocol: ESP
   Encryption: 3DES
   Authentication: SHA1
   DH Group: Group 2
   Life Time: 28800
7. Select the Advanced tab and select Enable Keep Alive.
8. Select OK.
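
The tunnel only comes up when both devices hold the same Phase 1 and Phase 2 values and each side's local network is the other side's destination network. The following Python check is an added example, not part of the Fortinet article: it compares the two sides' settings as transcribed from the steps above. The dictionary layout, function names and subnets are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: proposal values are the ones listed in the steps
# above; the subnets and all dictionary key names are assumptions.
PROPOSAL = {"encryption": "3DES", "authentication": "SHA1",
            "dh_group": 2, "lifetime": 28800}
FORTIGATE = {
    "phase1": dict(PROPOSAL, mode="main"),
    "phase2": dict(PROPOSAL),
    "local": "192.168.1.0/24",            # FortiGate_network (constructed)
    "remote": "10.10.10.0/24",            # SonicWall_network (constructed)
}
SONICWALL = {
    "phase1": dict(PROPOSAL, mode="main"),
    "phase2": dict(PROPOSAL),
    "local": "10.10.10.0/255.255.255.0",  # LAN Primary Subnet (constructed)
    "remote": "192.168.1.0/255.255.255.0",
}

def network(text):
    """Normalise 'a.b.c.d/len' and 'a.b.c.d/netmask' to one comparable form."""
    return ipaddress.ip_network(text, strict=False)

def proposal_mismatches(a, b):
    """List every Phase 1 / Phase 2 field whose value differs between peers."""
    issues = []
    for phase in ("phase1", "phase2"):
        for field in sorted(set(a[phase]) | set(b[phase])):
            left, right = a[phase].get(field), b[phase].get(field)
            if left != right:
                issues.append(f"{phase}.{field}: {left!r} vs {right!r}")
    return issues

def selector_mismatches(a, b):
    """Each peer's local network must equal the other peer's remote network."""
    issues = []
    for mine, theirs in (("local", "remote"), ("remote", "local")):
        if network(a[mine]) != network(b[theirs]):
            issues.append(f"selector {mine}: {a[mine]} vs peer {theirs} {b[theirs]}")
    return issues

def check_tunnel(a, b):
    """Return all proposal and selector disagreements; empty means they agree."""
    return proposal_mismatches(a, b) + selector_mismatches(a, b)

if __name__ == "__main__":
    print(check_tunnel(FORTIGATE, SONICWALL) or "peers agree")
```

The netmask normalisation matters here because the FortiGate address is entered as an IP address and subnet while the SonicWall address object takes a separate Network and Netmask.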

Related Articles
List of articles about Fortigate IPSec VPN interoperability
Last Modified Date: 09-02-2011 Document ID: 11657
