http://kb.fortinet.com/kb/viewContent.do?externalId=11657
Description
Components
25/03/2014 10:38
1. Go to Firewall > Address.
2. Select Create New.
3. Enter a name for the address, for example FortiGate_network.
4. Enter the FortiGate IP address and subnet.
5. Select OK.
6. Select Create New.
7. Enter the name for the address, for example SonicWall_network.
8. Enter the SonicWall IP address and subnet.
9. Select OK.
To create a firewall policy for the VPN traffic going from the FortiGate unit to the SonicWall device
1. Go to Firewall > Policy.
2. Select Create New and set the following:
   Source Interface: Internal
   Source Address: FortiGate_network
   Destination Interface: SonicWall_network
   Destination Address: WAN1 (or External)
   Schedule: always
   Service: ANY
   Action: Encrypt
   VPN Tunnel: SonicWall
   Select Allow inbound
   Select Allow outbound
3. Select OK.

To create a firewall policy for the VPN traffic going from the SonicWall device to the FortiGate unit
1. Go to Firewall > Policy.
2. Select Create New and set the following:
   Source Interface: WAN1 (or external)
   Source IP address: SonicWall_network
   Destination Interface: Internal
   Destination Address Name: FortiGate_network
   Schedule: always
   Service: ANY
   Action: Encrypt
   VPN Tunnel: SonicWall
   Select Allow inbound
   Select Allow outbound
3. Select OK.
3. Select OK.

Configure the VPN settings for the VPN tunnel connection.
1. To configure the VPN, go to VPN.
2. Ensure Enable VPN is selected in the VPN Global Settings section.
3. Select Add in the VPN Policies area.
4. Select the General tab and configure the following:
   IPSec Keying Mode: IKE using Preshared Secret.
   Name: FortiGate_network
   IPSec primary Gateway Name or Address: IPSec gateway IP address
   Shared Secret: Preshared
   Local IKE ID: IP Address (address left empty)
   Peer IKE ID: IP Address (address left empty)
5. Select the Network tab and configure the following:
   For the Local Networks, select Choose local network from list and select LAN Primary Subnet.
   For the Destination Networks, select Choose destination network from list and select FortiGate_network.
6. Select the Proposals tab and configure the following:
   IKE (Phase1) Proposal
   Exchange: Main Mode
   DH Group: Group 2
   Encryption: 3DES
   Authentication: SHA1
   Life Time: 28800
   IKE (Phase2) Proposal
   Protocol: ESP
   Encryption: 3DES
   Authentication: SHA1
   DH Group: Group 2
   Life Time: 28800
7. Select the Advanced tab and select Enable Keep Alive.
8. Select OK.
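
The Proposals settings in step 6 have to be matched on the FortiGate side, and 3DES, SHA1 and DH Group 2 are legacy choices. The following Python check is an added example, not part of the Fortinet article: it compares two peers' proposals and flags the legacy values. The SonicWall values are taken from step 6; the FortiGate values are a constructed sample, since this page does not list them, and the suggested replacements are assumptions about what both devices support.

```python
# Added example: audit IKE proposals for peer mismatches and legacy algorithms.
# SonicWall values are the ones listed on the Proposals tab in step 6.
SONICWALL = {
    "phase1": {"exchange": "main", "dh_group": 2, "encryption": "3DES",
               "authentication": "SHA1", "lifetime": 28800},
    "phase2": {"protocol": "ESP", "encryption": "3DES",
               "authentication": "SHA1", "dh_group": 2, "lifetime": 28800},
}
# FortiGate side: constructed sample that mirrors the SonicWall values (assumption).
FORTIGATE_SAMPLE = {phase: dict(settings) for phase, settings in SONICWALL.items()}

# Legacy values and a stronger option to consider (assumes both devices offer it).
LEGACY = {
    ("encryption", "3DES"): "AES-256",
    ("authentication", "SHA1"): "SHA-256",
    ("dh_group", 2): "group 14 or higher",
}


def audit_proposals(local, peer):
    """Return (mismatches, legacy) findings for two peers' proposal settings."""
    mismatches, legacy = [], []
    for phase in ("phase1", "phase2"):
        a, b = local.get(phase, {}), peer.get(phase, {})
        # A field set differently (or missing) on one peer is reported as a mismatch.
        for field in sorted(set(a) | set(b)):
            if a.get(field) != b.get(field):
                mismatches.append((phase, field, a.get(field), b.get(field)))
        # Legacy algorithms are flagged from the local side's settings.
        for field, value in sorted(a.items()):
            better = LEGACY.get((field, value))
            if better:
                legacy.append((phase, field, value, better))
    return mismatches, legacy


if __name__ == "__main__":
    mismatches, legacy = audit_proposals(SONICWALL, FORTIGATE_SAMPLE)
    for phase, field, ours, theirs in mismatches:
        print(f"MISMATCH {phase} {field}: local={ours} peer={theirs}")
    for phase, field, value, better in legacy:
        print(f"LEGACY   {phase} {field}={value}: consider {better}")
```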
Related Articles
List of articles about Fortigate IPSec VPN interoperability
Last Modified Date: 09-02-2011 Document ID: 11657