Hello,
Can anyone help me solve this problem:
I need to set up a VPN between a Fortigate and a SonicWall device.
I followed the procedures published by Fortinet and have been running tests, and the VPN between these two devices comes up, but there is no communication. In VPN - Monitor the VPN shows as up, even on the SonicWall device, but there is no communication between the firewalls or between the networks.
Any ideas?
Regards
Fortigate and Sonicwall
Re: Fortigate and Sonicwall
Hello, how did you set up the VPN? Could you show us the configuration? And the policy?
Regards
NSE 7 – Fortinet Network Security Architect
NSE 5 - Network Security Analyst
Re: Fortigate and Sonicwall
Thanks Gaby,
FortiGate Device Setting
To configure the Phase1 settings
Go to VPN > IPSec > Phase 1.
Select Create New and enter the following:
Gateway Name: ToSonicWall
Remote Gateway: SonicWall Static Public IP Address
IP Address: Public IP Address
Local Interface: Wan1 (if it is public interface)
Mode: Main
Authentication Method: Preshared Key
Preshared Key: preshared key
Select Advanced and enter the following:
Encryption: 3DES
Authentication: SHA1
DH Group: 2
Keylife: 28800
Dead Peer Detection: Disabled
Leave all other settings as default.
Select OK.
To configure the Phase 2 settings
Go to VPN > IPSec > Phase 2.
Select Create New and enter the following:
Tunnel Name: SonicWallP2
Remote Gateway: Select ToSonicWall
Select Advanced and enter the following:
Encryption: 3DES
Authentication: SHA1
Enable replay detection : Unchecked
DH group: 2
Keylife: 28800
Autokey Keep Alive : Checked
Quick Mode Selector
Source address: Internal LAN Subnet
Destination address: Remote LAN Subnet
Select OK.
To add the addresses
Go to Firewall > Address.
Select Create New to create the FortiGate address.
Enter a name for the address, for example FortiGate_network.
Enter the FortiGate IP address and subnet. “ Internal LAN Subnet ”
Select OK.
Select Create New again to create the SonicWALL address.
Enter the name for the address, for example SonicWALL_network.
Enter the SonicWall IP address and subnet. “ Remote LAN Subnet ”
Select OK.
To create a firewall policy for the VPN traffic going from the SonicWALL device to the FortiGate unit
Go to Firewall > Policy.
Select Create New and set the following:
Source Interface: Internal
Source IP address: Internal LAN Subnet
Destination Interface: WAN1 (or external)
Destination Address Name: Remote LAN Subnet
Schedule: always
Service: ANY
Action: Encrypt
VPN Tunnel: ToSonicWall
Select Allow inbound
Select Allow outbound
Select OK
Configure the SonicWALL Device
Go to “General” tab.
Under Security Policy
Authentication Method: IKE using Preshared Secret
Name: ToFortiGate
IPSec Primary Gateway Name or Address: FortiGate Public IP Address
IKE Authentication
Shared Secret: preshared key
Confirm Share Secret: preshared key
Others leave to default.
Create 2 addresses Internal LAN Subnet and Remote LAN Subnet.
Go to “Network” tab.
Local Networks
Choose local network from list : Internal LAN Subnet
Choose local network from list : Remote LAN Subnet
5. Go to “Proposals” tab.
IKE (Phase 1) Proposal
Exchange: Main Mode
DH Group: Group2
Encryption: 3DES
Authentication: SHA1
Life Time(seconds): 28800
IPSec (Phase 2) Proposal
Protocol: ESP
Encryption: 3DES
Authentication: SHA1
Enable Perfect Forward Secrecy: Checked
DH Group: Group2
Life Time (seconds): 28800
6. Go to “Advanced” tab.
Enable: Keep Alive
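A consistency check over the settings listed in the post above, added here as an example (it is not part of the thread or of Fortinet's procedure): it compares both peers' Phase 1 and Phase 2 proposals despite the different vendor spellings, and verifies that each side's local network is the other side's remote network. The subnets and all names in the code are constructed placeholders, since the thread never states the real networks.

```python
import ipaddress

# Constructed sample values: the thread never gives the real subnets.
FORTIGATE = {
    "p1": {"mode": "Main", "enc": "3DES", "auth": "SHA1", "dh": "2", "life": 28800},
    "p2": {"enc": "3DES", "auth": "SHA1", "pfs_dh": "2", "life": 28800},
    "local": "192.168.1.0/24",   # Quick Mode Selector source address
    "remote": "192.168.2.0/24",  # Quick Mode Selector destination address
}
SONICWALL = {
    "p1": {"mode": "Main Mode", "enc": "3DES", "auth": "SHA1", "dh": "Group2", "life": 28800},
    "p2": {"enc": "3DES", "auth": "SHA1", "pfs_dh": "Group2", "life": 28800},
    "local": "192.168.2.0/24",   # network behind the SonicWall
    "remote": "192.168.1.0/24",  # network behind the FortiGate
}


def norm(value):
    """Reduce vendor spellings ('Group2', 'Main Mode') to a comparable token."""
    text = str(value).lower().replace(" ", "")
    for noise in ("group", "mode"):
        text = text.replace(noise, "")
    return text


def compare(a, b):
    """Return a list of findings; an empty list means the two sides agree."""
    findings = []
    for phase in ("p1", "p2"):
        for key in sorted(set(a[phase]) | set(b[phase])):
            va, vb = a[phase].get(key), b[phase].get(key)
            # A setting present on one side only (e.g. PFS) is also a mismatch.
            if va is None or vb is None or norm(va) != norm(vb):
                findings.append(f"{phase}.{key}: {va!r} vs {vb!r}")
    # Selectors must mirror: my local network is the peer's remote network.
    for mine, theirs in (("local", "remote"), ("remote", "local")):
        net_a = ipaddress.ip_network(a[mine], strict=True)
        net_b = ipaddress.ip_network(b[theirs], strict=True)
        if net_a != net_b:
            findings.append(f"selector {mine}={net_a} is not peer {theirs}={net_b}")
    # Identical or overlapping LANs on both sites cannot be routed through the tunnel.
    if ipaddress.ip_network(a["local"]).overlaps(ipaddress.ip_network(a["remote"])):
        findings.append("local and remote networks overlap")
    return findings


if __name__ == "__main__":
    for line in compare(FORTIGATE, SONICWALL) or ["no mismatches found"]:
        print(line)
```
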
Re: Fortigate and Sonicwall
Hello, could you paste the configuration from a backup? You copied and pasted from the web and some of the data is not visible.
Regards
NSE 7 – Fortinet Network Security Architect
NSE 5 - Network Security Analyst
Re: Fortigate and Sonicwall
Gaby,
I sent it to you like that so you can see the configuration that Fortinet recommends.
If it doesn't show, I'll send it as an attachment...
Re: Fortigate and Sonicwall
Hello, did you do it exactly like that???
What private networks do you have at each site?
Does it give you any error?
Is it this article
[You must log in to view links.]
Regards
NSE 7 – Fortinet Network Security Architect
NSE 5 - Network Security Analyst
Re: Fortigate and Sonicwall
That's right, I did it exactly like that and the VPN comes up between the two devices, but there is no communication.
Re: Fortigate and Sonicwall
Hello, what private networks do you have at each site???
When you ping... where do you see the session??? Where does it go?
And a tracert??
Regards
NSE 7 – Fortinet Network Security Architect
NSE 5 - Network Security Analyst