For the next step you have to configure the VPN on the FortiGate using the Custom VPN template. First select a Name:
VPN > IPsec Wizard
Enter the Remote Gateway's IP address and the outgoing interface.
Enter the Pre-shared Key you agreed upon as well as the IKE version.
For Phase 1 select the Encryption and Authentication you agreed upon as well as the Diffie-Hellman Group and the Key Lifetime.
For Phase 2 enter the Local and Remote Address space.
Under Advanced options you can select the Encryption and Authentication method you agreed upon as well as the Diffie-Hellman Group and the Key Lifetime.
In the next step you add new Address objects under
Policy & Objects > Addresses > Create New > Address
For your local subnet:
For the remote subnet:
For the remote WAN:
For your local WAN:
You can also add Address Groups if you want to add them to the Firewall Policies instead of the direct Subnets.
Add a static route for your remote subnet pointing to the VPN-Tunnel Interface.
Network > Static Routes > Create New
Add another static route for the same remote subnet, this time pointing to the Blackhole interface, with a higher administrative distance than the tunnel route. While the tunnel is down, this drops traffic for the remote subnet instead of letting it leave unencrypted via the default route.
The last step is to add Firewall Policies to allow the VPN traffic to pass through.
Add new policies under
Policy & Objects > Firewall Policy > Create New
First, one for the traffic going from the port of your local subnet to the VPN-Tunnel. In this case, NAT is not required.
Then one for the traffic coming from the VPN-Tunnel going to the port of your destination subnet. In this case, NAT is not required either.
After that, monitor your VPN tunnel. To check your VPN tunnel health you have to add a new Dashboard Widget called IPsec under
Dashboard > Status > Add Widget
Now you are able to check the Phase 1 and Phase 2 status.
You can then test the connection with a simple ping. Phase 2 should be brought up automatically, provided Phase 1 has been brought up properly.
After this you can check on your FortiGate and Check Point whether the tunnel was successfully brought up.
On the Check Point you're able to check the state of your VPN tunnel with a SmartConsole Extension, where you will be able to see that the tunnel is down because you haven't configured your FortiGate yet.
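The same Phase 1 and Phase 2 check from the FortiGate CLI, added here as an example and not part of the original guide. It assumes a tunnel named `to-checkpoint`, a LAN interface address 192.168.10.1 and a remote host 10.20.0.1, all constructed placeholders.

```fortios
# Added example: CLI checks matching the IPsec dashboard widget.
# Tunnel name and addresses are constructed placeholders.

# Phase 1 (IKE SA): look for an "established" gateway entry
diagnose vpn ike gateway list name to-checkpoint

# Phase 2 (IPsec SA): selectors, SPIs and byte counters per tunnel
diagnose vpn tunnel list name to-checkpoint

# One-line summary of every tunnel and its up/down state
get vpn ipsec tunnel summary

# Generate interesting traffic from the FortiGate itself, sourced from the LAN side,
# so Phase 2 is negotiated once Phase 1 is up
execute ping-options source 192.168.10.1
execute ping 10.20.0.1

# If Phase 1 never comes up, capture the IKE negotiation while reproducing, then stop
diagnose debug application ike -1
diagnose debug enable
# ... retry the ping, read the proposal/PSK mismatch messages ...
diagnose debug disable
diagnose debug reset
```

Check the IKE debug output for a proposal, DH group or PSK mismatch before changing anything on either gateway; the parameters have to match on both sides exactly.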