gcortes1
Staff
Article Id 196471

Description

 

This article describes an example VPN configuration between a FortiGate unit and a WatchGuard.

 

Scope

 

FortiGate.

Solution

WatchGuard Configuration:
 
Name: VPN-WG_to_FGT
Key Negotiation Type: isakmp (dynamic)
Remote ID Type: Domain Name
Gateway IP Address: <empty>
Gateway Identifier: demoid
(*) Shared Key: demoid
 
Phase 1 Settings.
 
Local ID Type: IP Address
Authentication: MD5-HMAC
Encryption: 3DES-CBC
Diffie-Hellman Group: 1
Negotiation Timeouts: 8192 kilobytes, 24 hours [should be the same as on the opposite side]
[x] Enable Aggressive Mode
Define a tunnel
 
Identity:
 
Name: demotunnel
 
Phase 2 Settings.
 
Security Association Proposal:
Type: ESP (Encapsulated Security Payload)
Authentication: MD5-HMAC
Encryption: 3DES-CBC
[x] Force Key Expiration: every 8192 kilobytes, every 24 hours
 
Define a Routing Policy.
 
Local: Network 
Remote: Network 
Disposition: secure
Tunnel: VPN-WG_to_FGT
[Policies can be entered multiple times; here there is only one active policy, and it does not restrict by Src Port, Protocol or Dst Port]
 
FortiGate Configuration.
 
Go to VPN -> IPsec -> Tunnels -> New VPN, select Custom VPN Tunnel (No template) and configure:
 
Phase 1 Parameters.
 
[Screenshot: fgt-to-wg00.png]
 
[Screenshot: fgt-to-wg01.png]
 
Phase 2 Parameters.
 
[Screenshot: fgt-to-wg02.png]
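
As an added example (not taken from the original article or its screenshots), the FortiGate side can also be written in the FortiOS CLI, mirroring the WatchGuard values listed above. The tunnel names, the `wan1` interface, the peer address and both subnets are assumed placeholders, and PFS is disabled on the assumption that it is off on the WatchGuard side, since the settings above do not list it.

```fortios
# Added example: FortiOS CLI equivalent built from the WatchGuard values above.
# Assumed placeholders: tunnel names, "wan1", 203.0.113.10, both subnets.
config vpn ipsec phase1-interface
    edit "FGT_to_WG"
        set interface "wan1"
        set ike-version 1
        # WatchGuard has "Enable Aggressive Mode" checked
        set mode aggressive
        # WatchGuard expects Remote ID Type "Domain Name" with identifier "demoid"
        set localid "demoid"
        # Authentication MD5-HMAC + Encryption 3DES-CBC, DH group 1
        set proposal 3des-md5
        set dhgrp 1
        # 24 hours; FortiOS phase 1 lifetime is time-based only
        set keylife 86400
        # Public address of the WatchGuard (placeholder)
        set remote-gw 203.0.113.10
        # Same value as "Shared Key" on the WatchGuard
        set psksecret demoid
    next
end

config vpn ipsec phase2-interface
    edit "FGT_to_WG_p2"
        set phase1name "FGT_to_WG"
        # ESP with MD5-HMAC and 3DES-CBC, as in the Security Association Proposal
        set proposal 3des-md5
        # Assumption: PFS is not enabled on the WatchGuard side
        set pfs disable
        # "Force Key Expiration: every 8192 kilobytes, every 24 hours"
        set keylife-type both
        set keylifeseconds 86400
        set keylifekbs 8192
        # Selectors must match the WatchGuard routing policy (placeholders)
        set src-subnet 192.0.2.0 255.255.255.0
        set dst-subnet 198.51.100.0 255.255.255.0
    next
end
```

MD5, 3DES and Diffie-Hellman group 1 are legacy algorithms; if stronger values are chosen, they must be changed on both peers together or negotiation fails. The tunnel also needs a route and firewall policies on the FortiGate, which are not shown here.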
 
Update 2024: The articles below give updated step-by-step instructions for creating an IPsec VPN between a FortiGate and a WatchGuard Firebox using BOVPN, with and without a Virtual Interface.

VPN IPsec FortiGate and WatchGuard BOVPN without Virtual Interface

VPN IPsec FortiGate and WatchGuard BOVPN with Virtual Interface