
Step by Step Guide to Setup VPN Between Sonicwall and Fortigate, IPsec Site to Site VPN

How do you set up a site to site VPN between SonicWall and Fortigate? This guide explains, step by step, how to configure an IPsec VPN on both devices so that two branches or locations can connect. I assume that there are two different IP subnets at the two locations. I did this VPN setup recently with the latest FortiOS 5.2 and SonicOS 6.1.2 versions. A few online guides and Q&As helped me set up the IPsec site to site VPN between these two devices successfully. Luckily both locations had static internet IPs. If that is not the case for you, you need to use dynamic DNS to resolve the IPs and make the connection. It is always recommended to have a static IP at your head office, which acts as the hub in the VPN network. The steps below are simple and not complicated as long as you follow each step as described here. To configure DynDNS in FortiOS 5.0 and later versions, please refer to this guide at Sysprobs. To configure DynDNS in SonicWall, this post would be helpful. The demonstration below of setting up a VPN between SonicWall and Fortigate was done on a SonicWall NSA 2600 and a Fortigate 110C.

What is the Scenario?

The head office has the IP subnet 10.10.11.0/24 behind the Fortigate device and the branch has 192.168.100.0/24 behind the SonicWall. A site to site VPN tunnel is to be set up between these two locations, so that branch computers in 192.168.100.0/24 can access servers in 10.10.11.0/24 and vice versa. The basic diagram below explains this and will help you understand the VPN settings and configuration in the next steps.

network diagram

Steps to Configure VPN Between Sonicwall and Fortigate

Let’s start with the Fortigate (FortiOS 5.2.2). I assume you already have some basic knowledge of Fortigate and SonicWALL VPN settings. I’m not showing every step needed to set up a VPN between Fortigate and SonicWall.

1) Make sure the head office and branch network addresses are created in the Fortigate objects area. The example below shows how I created the branch network object.

network object in Fortigate

2) Create an IPsec VPN tunnel, select ‘Custom VPN Tunnel’ and give the tunnel a name.
Select the destination (in this case the SonicWALL) IP or DynDNS name. Select the WAN interface used for VPN connectivity, WAN1 in my case. The other settings remain the same as in the screen below.

Fortigate WAN IP

3) Enter the preshared key (like a password), which also needs to be entered on the SonicWall device to create the site to site VPN between these two devices. Select the ‘Main’ mode for the VPN connectivity.

preshared key

4) The Phase 1 proposal is important. By default FortiOS 5.2 comes with several encryption and authentication proposals preselected. Remove all of them and select only 3DES and SHA1 as shown below. Select only DH Group 2. Set Key Lifetime to 28800. We will be using these exact settings in the SonicWall firewall.

phase 1 proposal settings

5) The Phase 2 settings are also important while setting up the VPN. Select the local network and the Remote Address, which should be the branch network address (created in step 1). The encryption settings should be only 3DES and SHA1. Untick ‘Enable Replay Detection’ and ‘PFS’ as below. Make sure the other settings remain the same.

phase2 settings

Basically, we have now created the site to site VPN tunnel on the Fortigate device. As I said earlier, I’m not going to cover all steps here. As you should already know, you now have to create firewall policies for incoming and outgoing traffic through the VPN tunnel. A route entry is also required to route the branch network traffic from the head office network through the VPN tunnel.
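As an added example (not from the original post), here is a FortiOS 5.2 CLI equivalent of the Fortigate steps above, including the firewall policy and static route the post mentions but does not show. The tunnel name ‘ToBranch’, the LAN interface name ‘internal’, the address object names ‘HO-LAN’ and ‘Branch-LAN’ (assumed to exist from step 1) and the SonicWall public IP 198.51.100.2 are assumptions; replace them with your own values.

```fortios
# Added example, not the original post's config. Assumed names: tunnel "ToBranch",
# LAN interface "internal", address objects "HO-LAN" / "Branch-LAN".
# 198.51.100.2 is a constructed placeholder for the SonicWall public IP.
config vpn ipsec phase1-interface
    edit "ToBranch"
        set interface "wan1"
        set ike-version 1
        set mode main
        set remote-gw 198.51.100.2
        set psksecret REPLACE-WITH-PRESHARED-KEY
        # 3des-sha1 / DH group 2 mirror the post; current guidance prefers
        # aes256-sha256 and DH group 14 or higher, changed on both peers together
        set proposal 3des-sha1
        set dhgrp 2
        set keylife 28800
    next
end
config vpn ipsec phase2-interface
    edit "ToBranch-p2"
        set phase1name "ToBranch"
        set proposal 3des-sha1
        set pfs disable
        set replay disable
        set src-subnet 10.10.11.0 255.255.255.0
        set dst-subnet 192.168.100.0 255.255.255.0
    next
end
# Static route sends branch-bound traffic into the tunnel interface
config router static
    edit 0
        set dst 192.168.100.0 255.255.255.0
        set device "ToBranch"
    next
end
# Policy for head office -> branch; create the mirror policy (ToBranch -> internal) too
config firewall policy
    edit 0
        set srcintf "internal"
        set dstintf "ToBranch"
        set srcaddr "HO-LAN"
        set dstaddr "Branch-LAN"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
# Check the result with: diagnose vpn ike gateway list  and  diagnose vpn tunnel list
```

Leaving PFS and replay detection disabled matches the post's settings so the two peers negotiate; if you later harden the proposal, the same values must be changed on the SonicWall side.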

SonicWall Setup for Site to Site VPN with Fortigate

To be honest, I’m new to SonicWall, but the information I gathered online helped me set up the site to site VPN with the Fortigate correctly.

6) Create address objects for the head office and local networks. They can be created under ‘Network’ and ‘Address Objects’. Here is the example of the head office network address object I created. When you create the address object for the remote location (the Fortigate network), which will be reached through the VPN tunnel, select ‘VPN’ in Zone Assignment. The local internal network is assigned to the ‘LAN’ zone.

Head office network

7) Create a VPN tunnel with the following settings. The important settings are: the authentication method should be ‘IKE using Preshared Secret’, the IP or address of the Fortigate public interface, and the preshared secret key which we entered in step 3 in the Fortigate VPN settings. Leave the other settings as below.

main vpn settings in sonicwall

8) Click on the ‘Network’ tab and set the settings as below. Choose the local network and remote (head office) network addresses which we created in step 6.

Network settings in VPN

9) The Proposals tab in the SonicWall VPN settings is important for setting up the IPsec VPN tunnel with the Fortigate device. Make sure to set the same settings as we did on the Fortigate device. For example, the VPN mode is ‘Main Mode’, the DH Group is 2, and all other settings match the proposal settings we configured on the Fortigate VPN tunnel. Make sure to untick ‘Enable Perfect Forward Secrecy’ as below.

proposal settings in Sonicwall VPN

10) In Advanced tab, tick ‘Enable Keep Alive’ option.

advanced settings

With the above steps, we have successfully set up the VPN on the SonicWall and the Fortigate. Luckily, unlike on the Fortigate, we do not need to create any separate firewall policies or route entries on the SonicWall. Once the VPN tunnel is up, traffic will flow through this IPsec site to site VPN tunnel between the two locations.

I hope this step by step guide is helpful for setting up a VPN between SonicWall and Fortigate with the latest OS versions of the respective devices. Do share whether this guide was helpful, or any better alternative ways to do the VPN setup.