What is the Scenario?
The head office has IP subnet 10.10.11.0/24 with Fortigate device and the branch has 192.168.100.0/24 with Sonicwall. Site to Site VPN tunnel to be setup between these two branches, so branch computers with IP range 192.168.100.0/24 will be accessing servers in 10.10.11.0/24 and vice versa. The below basic diagram can explain more and will be helpful to understand the VPN settings and configurations in next steps.
Steps to Configure VPN Between Sonicwall and Fortigate
Let’s start with Fortigate (FortiOS 5.2.2). I assume you already have some basic knowledge in Fortigate and SonicWALL VPN settings. I’m not showing every steps to set up VPN between Fortigate and Sonicwall.
1) Make sure head office and branch network addresses are created in Fortigate objects area. Below example shows how I have created branch network object.
2) Create an IPsec VPN tunnel and select ‘Custom VPN Tunnel’ with a name for VPN tunnel.
Select the destination (in this case SonicWALL) IP or DynDNS name. Select the WAN interface which is connected for VPN connectivity, WAN1 for me. Other settings remain same in below screen.
3) Enter the preshared key (like a password) which needs to be entered in Sonicwall device also to create the site to site VPN between these two devices. Select the ‘Main’ mode for the VPN connectivity. 4) Phase 1 proposal is something important. By default FortiOS 5.2 comes with few encryptions. Remove all encryption and authentication settings. Select only 3DES and SHA1 as shown below. Only select DH Group 2. Key Lifetime set to 28800. We will be using these exact settings in Sonicwall firewall.
5) Phase 2 settings also important while setting up the VPN. Select the local network and Remote address which should be the branch network address (that was created in step 1). The encryption settings should be only 3DES and SHA1. Untick ‘Enable Replay Detection’ and ‘PFS’ as below. Make sure other settings remain same.Basically we have created the site to site VPN tunnel in Fortigate device. As I said earlier, I’m not going to cover all steps here. As you should know already, now you have to create firewall policy for incoming and outgoing traffic through VPN tunnel. Also route entry is important to route the branch network traffic from head office network through VPN tunnel.
SonicWall Setup for Site to Site VPN with Fortigate
To be honest, I’m new to SonicWall, but with the information I gathered online helped me setup the Site to Site VPN correctly with Fortigate.
6) Create address objects for head office and local network. It can be created under ‘Network’ and ‘Address Objects’. Here is the example of head office network address object I created. When you create the address object for remote location (connected to Fortigate network) which will be connecting through VPN tunnel, select ‘VPN’ in Zone Assignment. Other local internal network will be assigned to ‘LAN’ zone.
7) Create a VPN tunnel with following settings. Important settings are; Authentication method should be ‘IKE using Preshared secret’ , IP or address of Fortigate public interface and the preshared secret key which we entered in step 3 in Fortigate VPN settings. Leave the others settings as below.
8.) Click on the ‘Network’ tab and set the settings as below. Choose the local network and remote (head office) network addresses which we created in Step 6. 9) Proposals tab in the SonicWall VPN settings are important to setup IPsec VPN tunnel with Fortigate device. Make sure to set the same settings as we did on the Fortigate device. For example, the VPN mode is ‘Main Mode’, DH Group is 2 and other all settings are matching with the proposal settings we did on the Fortigate VPN tunnel settings. Make sure to untick ‘Enable Perfect Forward Secrecy’ as below.
10) In Advanced tab, tick ‘Enable Keep Alive’ option.
With the above steps, we have successfully setup the VPN in SonicWall and Fortigate. Luckily, we do not need to create any separate firewall policies or route entries in SonicWall like Fortigate. Once the VPN tunnel is up, the traffic will flow through this IPsec site to site VPN tunnel between two locations.
Hope this step by step guide would be helpful to setup VPN between SonicWall and Fortigate with the latest OS versions of respective devices. Do share whether this guide is helpful or any other better alternative ways to make the VPN setup.