IPSEC VPN fortigate

Hi all, 

Has anyone successfully set up an IPsec VPN between Sophos and FortiGate? If somebody can post a working configuration, I would appreciate it.



This thread was automatically locked due to age.
  • Just like all the VPNs, your proposals and things all need to match. What appliances are you using? UTM, SG, XG? Fortinet appliance details?

  • UTM 9 and Fortinet FG60D

    This is the info from the Fortinet side that the guys gave me. I tried to match those parameters and the VPN doesn't connect.

    IKE:

    encryption AES256

    SHA

    dh group 2

    lifetime 28800

    preshared key

    IPSec:

    AES 256

    SHA

    PFS group 2

    lifetime 3600

  • Salut and welcome to the UTM Community!

    Based on the above, you would want:

    However, depending on your hardware there might be a better choice like "AES 128 PFS."

    Confirm that both sides have DPD enabled and that they have selected Main Mode, not Aggressive.

    If that doesn't get you connected, disable debug (!), disable the IPsec Connection, start the IPsec Live Log, wait for it to show 10 lines, enable the IPsec Connection and show us the lines from startup to failure - probably less than 60 lines.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
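
One way to check that both sides' proposals really match before reading the Live Log, as an added example that is not part of the original thread and not Sophos or Fortinet code. The peer values are the ones posted above; the field names, the `UTM_DRAFT` sheet (constructed, with deliberate mismatches) and the reading of a bare "SHA" as SHA-1 are assumptions.

```python
import re

# Peer values as posted in the thread; the field names are labels chosen for this example.
FORTIGATE = {
    "ike": {"encryption": "AES256", "hash": "SHA", "dh_group": "dh group 2",
            "lifetime": "28800", "auth": "preshared key"},
    "ipsec": {"encryption": "AES 256", "hash": "SHA", "pfs_group": "PFS group 2",
              "lifetime": "3600"},
}

# Constructed local draft with deliberate mismatches (not a real UTM export).
UTM_DRAFT = {
    "ike": {"encryption": "AES 256", "hash": "MD5", "dh_group": "Group 5: MODP 1536",
            "lifetime": "7800", "auth": "Preshared key", "mode": "main", "dpd": "on"},
    "ipsec": {"encryption": "AES 256", "hash": "MD5", "pfs_group": "Group 5: MODP 1536",
              "lifetime": "3600"},
}


def normalise(field, value):
    """Reduce vendor-specific spellings to one comparable token."""
    v = value.strip().lower()
    if field.endswith("group"):
        m = re.search(r"group\s*(\d+)", v)
        return "group" + m.group(1) if m else v
    if field == "lifetime":
        return str(int(v))
    v = re.sub(r"[\s_-]+", "", v)
    return {"sha": "sha1"}.get(v, v)  # assumption: a bare "SHA" means SHA-1


def diff_sheets(peer, local):
    """Return (phase, field, peer_value, local_value) for each mismatch.

    A value of None means that side never stated the field, so it still
    has to be confirmed with whoever runs that device.
    """
    mismatches = []
    for phase in sorted(set(peer) | set(local)):
        p, l = peer.get(phase, {}), local.get(phase, {})
        for field in sorted(set(p) | set(l)):
            pv, lv = p.get(field), l.get(field)
            if pv is None or lv is None or normalise(field, pv) != normalise(field, lv):
                mismatches.append((phase, field, pv, lv))
    return mismatches


if __name__ == "__main__":
    for phase, field, pv, lv in diff_sheets(FORTIGATE, UTM_DRAFT):
        print(f"{phase:5} {field:10} peer={pv!r} local={lv!r}")
```

Fields reported with `None` on the peer side (here `mode` and `dpd`) are the ones the Fortinet sheet never stated, which is why they need to be confirmed separately.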