Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
fesch
New Contributor

Error on Site2Site IPsec between Fortigate and Sophos XG

Hello all,

I have a faulty VPN configuration on an IPsec connection between a Fortigate and a Sophos XG to which I cannot find a solution. I have connected several subnets via the VPN: Fortigate:

xx.xx.11.0/24
xx.xx.6.0/24

XG:

xx.xx.100.0/24
xx.xx.2.0/24
xx.xx.0.0/26

The connection is established and also works. However, an error is displayed on the Fortigate. The SAs between the firewalls are displayed with the following notation UP: Source: xx.xx.11.0-xx.xx.11.255 Destination: xx.xx.100.0-xx.xx.100.255, xx.xx.2.0-xx.xx.2.255, xx.xx.0.0-xx.xx.0.62 ....

The same SAs are displayed with a different notation than DOWN: Source: xx.xx.11.0/255.255.255.0 Destination: xx.xx.10.0/255.255.255.0, xx.xx.2.0/255.255.255.0,xx.xx.0.0/255.255.255.192

On the Sophos XG, all SAs are displayed UP.

Does anyone have an idea how I can eliminate this error? This permanently reports a faulty VPN tunnel to our monitoring system.

 

Best regards

 

Felix

1 Solution
Kangming
Staff
Staff

You could try to configure multiple phase2 selectors, In your 2*3 subnet situation, you should configure 6 phase2 selectors to negotiate with Sophos XG.

 

Refer to kb doc:

https://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD33873&sliceId=...

 

Thanks

Kangming

View solution in original post

2 REPLIES 2
Kangming
Staff
Staff

You could try to configure multiple phase2 selectors, In your 2*3 subnet situation, you should configure 6 phase2 selectors to negotiate with Sophos XG.

 

Refer to kb doc:

https://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD33873&sliceId=...

 

Thanks

Kangming

fesch
New Contributor

Thanks for your answer Kangming, that worked. I had already used this solution with the previous Sophos product. So I could have thought of it myself ;)