Description | This article describes how to configure a Site-to-Site IPsec tunnel between a FortiGate and a SonicWALL from the GUI. Settings can change based on firmware and hardware. |
Scope | FortiGate. |
Solution |
Enter the chosen tunnel name, then select Next.
Go to VPN -> IPsec Tunnels, edit the tunnel, and convert it to Custom.
This is required in order to adjust the settings.
XAUTH Disabled.
Under Choose Local Network (SonicWALL), create a new address object. (Do not use the preexisting ones.)
To match the FortiGate, we had to change the IKE version to Main Mode, set the keylife time to 86400, and enable PFS with DH group 2.
Go to Firewall -> Access Rule -> Add.
On the FortiGate side, open the CLI and ping the gateway on the other side.
Note: When a SonicWALL unit has multiple subnets configured, multiple Phase 2s must be created on the FortiGate, rather than multiple subnets in a single Phase 2 selector. This is because the FortiGate uses the same SPI value to bring up Phase 2 for all of the subnets, while the SonicWALL expects a different SPI value for each of its configured subnets. Using multiple Phase 2s on the FortiGate creates a different SPI value for each subnet.
In several cases, there may be a need to manually set the 'localid-type' in the FortiGate phase1-interface settings. Ensure this matches what is configured on the SonicWALL device. Usually, the localid-type can be set to 'address', with the FortiGate's local gateway IP as the localid.
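The two notes above expressed as FortiOS CLI, as an added example that is not part of the original article: an explicit local ID on Phase 1 and one Phase 2 entry per SonicWALL subnet. The tunnel name, Phase 2 names and all addresses are constructed placeholders (assumptions); PFS with DH group 2 follows the settings given earlier.

```fortios
# Added example. The tunnel name "to-sonicwall", the Phase 2 names and every
# address below are constructed placeholders, not values from the article.

# Phase 1: send an explicit local ID of type 'address'. The type must match
# the peer ID type configured on the SonicWALL; the localid value is the
# FortiGate's local gateway IP (placeholder shown).
config vpn ipsec phase1-interface
    edit "to-sonicwall"
        set localid-type address
        set localid "203.0.113.10"
    next
end

# Phase 2: one entry per SonicWALL subnet, so that each selector pair is
# negotiated separately and gets its own SPI. Do not combine the remote
# subnets into a single Phase 2 selector.
config vpn ipsec phase2-interface
    edit "to-sonicwall-net1"
        set phase1name "to-sonicwall"
        set pfs enable
        set dhgrp 2
        set src-subnet 10.10.0.0 255.255.255.0
        set dst-subnet 192.168.10.0 255.255.255.0
    next
    edit "to-sonicwall-net2"
        set phase1name "to-sonicwall"
        set pfs enable
        set dhgrp 2
        set src-subnet 10.10.0.0 255.255.255.0
        set dst-subnet 192.168.20.0 255.255.255.0
    next
end
```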
If any problem occurs, contact Fortinet Support |
Copyright 2025 Fortinet, Inc. All Rights Reserved.