fortigate to sonicwall vpn setup_港湾网络科技 - HAR.BING - 创新前沿信息安全产品技术与服务供应商

configure the unitconfigure the phase1 and phase 2 settings

to configure the phase1 settings

go tovpn>ipsec>phase 1.

select create new and enter the following:

gateway name:
remote gateway:static ip
ip address:ip address
mode:main
authentication method:preshared key
pre-shared key:preshared key

select advanced and enter the following:

encryption:3des
authentication:sha1
dh group:2
keylife:28800
leave all other settings as their default.

select ok.

to configure the phase 2 settings

go tovpn>ipsec>phase 2.

select create new and enter the following:

tunnel name:sonicwall
remote gateway:select sonicwall

select advanced and enter the following:

encryption:3des
authentication:sha1
dh group:2
keylife:28800
internet browsing:none
quick mode identities:use selectors from policy

select ok.

add a firewall policy

add an the source and destination addresses and add an internal to external policy that includes these source and destination addresses to permit the traffic flow.

to add the addresses

go tofirewall>address.

select create new to create the fortigate address.

enter a name for the address, for example fortigate_network.

enter the fortigate ip address and subnet.

select ok.

select create new again to create the sonicwall address.

enter the name for the address, for example sonicwall_network.

enter the sonicwall ip address and subnet.

select ok.

to create a firewall policy for the vpn traffic going from the fortigate unit to the sonicwall device

go tofirewall>policy.

select create new and set the following:

source interface:internal
source address:fortigate_network
destination interface:sonicwall_network
destination address:wan1 (or external)
schedule:always
service:any
action:encrypt
vpn tunnel:sonicwall
select allow inbound
select allow outbound

select ok.

to create a firewall policy for the vnp traffic going from the sonicwall device to the fortigate unit

go tofirewall>policy.

select create new and set the following:

source interface:wan1 (or external)
source ip address:sonicwall_network
destination interface:internal
destination address name:fortigate_network
schedule:always
service:any
action:encrypt
vpn tunnel:sonicwall
select allow inbound
select allow outbound

select ok.

configure the sonicwall device

create the address object for the fortigate unit to identify the fortigate unit's ip address for the vpn security association (sa).

to create an address entry

go tonetwork>address objects.

select add and enter the following:

name:fortigate_network
zone assignment:vpn
type:network
network:fortigate ip address
netmask:fortigate netmask

select ok.

configure the vpn settings for the vpn tunnel connection.

to configure the vpn, go to vpn.

ensure enable vpn is selected in the vpn global settings section.

select add in the vpn policies area.

select the general tab and configure the following:
ipsec keying mode:ike using preshared secret.
name:fortigate_network
ipsec primary gateway name or address:ipsec gateway ip address
shared secret:preshared
local ike id:ip address (address left empty)
peer ike id:ip address (address left empty)

select the network tab and configure the following:

for the local networks, select choose local network from list and select lan primary subnet.

for the destination networks, select choose destination network from list and select fortigate_network.

select the proposals tab and configure the following:

ike (phase1) proposalexchange:main mode
dh group:group 2
encryption:3des
authentication:sha1
life time:28800
ike (phase2) proposalprotocol:esp
encryption:3des
authentication:sha1
dh group:group 2
life time:28800

select the advanced tab and select enable keep alive.

select ok.

[版权声明]bsd爱好者乐园站内文章，如来源不是互联网，则均系原创或翻译之作，可随意转载，或以此为基础进行演译，但务必以链接形式注明原始出处和作者信息，否则属于侵权行为。另对本站转载他处文章，俱有说明，如有侵权请联系本人，本人将会在第一时间删除侵权文章。
[站长微博]欢迎访问剑心通明的腾讯微博， bsd爱好者微群，点击此处开通微博同时与剑心互听

tag:

(责任编辑：admin)