Description: This article describes how to set up an IPsec VPN between FortiGate and pfSense using IKEv2.
Scope: Applicable to all FortiGate versions and pfSense version 2.3 and beyond: FortiGate, IPsec VPN.
Solution:
Network diagram (image not reproduced here). FortiGate configuration:
Phase 1 configuration: insert the proposals that match those configured on pfSense, and include the port (the interface facing the peer) and the remote peer's (pfSense) IP address:
config vpn ipsec phase1-interface
    set ike-version 2
    set peertype any
    set dpd on-idle
Phase 2 configuration: insert the proposals that match those configured on pfSense, and include the source and destination prefixes:
config vpn ipsec phase2-interface
Static route configuration:
config router static
Firewall policy configuration allowing traffic in both directions:
config firewall policy
pfSense configuration:
Go to VPN > IPsec and choose IKEv2. Select the interface and enter the remote FortiGate IP address. Choose the Phase 1 proposals and, once done, click the Save button:
After saving, you need to click "Apply Changes" to commit the configuration:
After committing, the message below will appear. Then click the "Add P2" button:
Once done, choose all proposals and requirements that match those chosen on the remote FortiGate side. After that, click the save button.
Again, after pressing save, you need to click "Apply Changes" to commit all configurations:
After committing, the message below will appear:
Now click the "Pre-Shared Keys" link to enter the chosen pre-shared key. Once done, save and commit as in the previous examples:
After everything is done, the status of the IPsec tunnel between FortiGate and pfSense can be checked by going to Status > IPsec:
As shown below, the tunnel is established:
Now, to allow the flow between the source and destination through the tunnel, go to Firewall > Rules:
Inside the page, add rules allowing traffic in both directions. Once done, click "Save" and then "Apply Changes" to commit the configuration:
In case of doubt about checking the IPsec VPN status or troubleshooting, see the article below: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-IPsec-VPNs-tunnels/ta-p/195955
Copyright 2024 Fortinet, Inc. All Rights Reserved.