susamghatak
New Member
September 1, 2017
Question

Unable to create site to site vpn 30E and 40C


I am new to Fortinet products. I want to create a site-to-site VPN between a FortiGate 60E (firmware version 5.6.1) and a FortiGate 40C (firmware version 4.0). The FortiGate 60E has a wizard to create the VPN, but the 40C has no wizard, so I have to do it manually. So I need some screenshots to do this. Can you provide them?


    ede_pfau
    SuperUser
    September 1, 2017

    Hi, and welcome to the forums.


    If you use the v5.6 wizard, the proposals for phase1 and phase2 encryption are chosen differently than in earlier versions of FortiOS. For instance, you won't find 3DES and MD5 anymore by default. Which is good.

    So, create your VPN using the wizard, then change the tunnel type to "custom". Now you have full control of all settings. Simply copy those settings (100%, really!) to the older FGT.

    For a better picture of the default settings, look at the config in the CLI, "conf vpn ipsec phase1-interface" & "show full". You will see that e.g. the keylifetime differs from the default in FOS v4.

     

    By now you know that I am assuming a VPN in "Interface mode" as opposed to "Policy mode". You should only use interface mode VPNs, for many reasons.

     

    BTW, get away from v5.6.1 and upgrade to v5.6.2 ASAP. Or better still, stay with v5.4.5 on the 60E which is just fine and stable, until v5.6 has settled a bit.

     

    susamghatak
    New Member
    September 1, 2017

    Even I could not upgrade the firmware of the FortiGate 40C (firmware version 4.0). I have upgraded the firmware, though I am unable to do that. Whenever I try to upload, it is successfully uploaded, but it never installs and shows downgraded.

    rwpatterson
    New Member
    September 1, 2017

    susamghatak wrote:

    Even I could not upgrade the firmware of the FortiGate 40C (firmware version 4.0). I have upgraded the firmware, though I am unable to do that. Whenever I try to upload, it is successfully uploaded, but it never installs and shows downgraded.

    There is different firmware for the FortiGate 40C (FGT40C) and FortiWiFi 40C (FWF40C). Make sure you choose the correct one. Also, as stated earlier, from the CLI, copy the config from the 60, swap the phase 2 selectors and paste into the 40C. That should be all you need aside from the static route(s) and policy(s).
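
A check for the copy step the replies above describe, as an added example that is not part of the original thread: it parses the phase1-interface block from each unit's "show full" output and lists settings that differ, plus any proposal still using 3DES or MD5. Both config excerpts (tunnel names, addresses and values) are constructed for illustration.

```python
import re

# Constructed sample "show full" excerpts; names, addresses and values are made up.
NEW_FGT = '''
config vpn ipsec phase1-interface
    edit "to-branch"
        set mode main
        set proposal aes128-sha256 aes256-sha256
        set dhgrp 14 5
        set keylife 86400
        set remote-gw 203.0.113.2
    next
end
'''
OLD_FGT = '''
config vpn ipsec phase1-interface
    edit "to-hq"
        set mode main
        set proposal 3des-md5 aes128-sha1
        set dhgrp 5
        set keylife 28800
        set remote-gw 203.0.113.1
    next
end
'''

MUST_MATCH = ("mode", "proposal", "dhgrp", "keylife")  # settings the thread says to copy as-is
WEAK = ("3des", "des", "md5")                          # algorithms to flag in a proposal

def phase1_settings(text):
    """Return {setting: [values]} for the first phase1-interface entry in a config dump."""
    block = re.search(r"config vpn ipsec phase1-interface(.*?)^end", text, re.S | re.M)
    if not block:
        return {}
    return {m[1]: m[2].replace('"', "").split()
            for m in re.finditer(r"^\s*set (\S+) (.+)$", block[1], re.M)}

def compare(a, b):
    """List settings that differ between two units, and weak proposals on either."""
    pa, pb = phase1_settings(a), phase1_settings(b)
    issues = []
    for key in MUST_MATCH:
        if pa.get(key) != pb.get(key):
            issues.append(f"mismatch {key}: {pa.get(key)} vs {pb.get(key)}")
    for side, p in (("A", pa), ("B", pb)):
        for prop in p.get("proposal", []):
            if set(prop.split("-")) & set(WEAK):
                issues.append(f"weak proposal on {side}: {prop}")
    return issues
```

Calling `compare(NEW_FGT, OLD_FGT)` on real dumps from both units shows which lines still need to be copied across before the tunnel is tested.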

    ede_pfau
    SuperUser
    September 1, 2017

    Yes, are you sure you have got the correct firmware image (model, version)? What is it called?