Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Holiday badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiGuest
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDRCloud
- FortiNDR (on-premise)
- FortiPhish
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiWAN
- FortiVoice
- FortiWeb
- FortiAppSec Cloud
- Lacework
- RMA Information and Announcements
- Wireless Controller
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- Site to Site VPN from FortiGate to Checkpoint
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Not applicable
Created on 04-14-2009 09:18 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Site to Site VPN from FortiGate to Checkpoint
Dear All,
I am facing a problem on the above topice. Let me first explain you my setup.
Site 1:
Foritgate firewall firmware version 3.0
Site 2:
Checkpoint firewall with version R65 installed on IPSO
To configure the FortiGate firewall I have gone through the below Article
Modified 11/30/2007
Keywords: checkpoint,vpn,configuration,ipsec,NGX,firewall
Article ID: 2091
The same way I configured the Fortigate and as well as the checkpoint firewall.
I am facing the following problem
1- The tunnel is not UP
2- There is no process after the Quick mode completion
I request you all to go through the document, before answering my query. The reason is in the document three section I am confused
1- Configure a Firewall Virtual IP Pool
2- Configure a Firewall Virtual IP address
3- Configure Incoming Firewall Policy
So pls any help me. This is so urgent for me.
Thanks in advance.
Regards,
Basha
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Basha,
Forgive me, but I really don' t want to go though teh document.
In my experience with CP and Fortigate, you need to do some debugging to find outr where the problem is.
You should be getting error logs eithr on the checkpoint or the Fortigate.
If you are trying to bring up the tunnel from teh FG, then the error will appeer on the CP and vice versa.
A firewall Virtual IP pool, is used to so that traffic leaving the fortigate seems to come from teh IP address configured in the pool. If your actual address range is what is configured in your phase 2 then you don' t need it.
A firewall Virtual IP address is used to allow traffic coming back down teh tunnel to be directed to a single address, again if your networks do not overlap with each other and are correctly specified in the Phase 2 teh you don' t need this.
Configure incoming firewall policy is required to let the tunnel come up. So allow teh traffic from teh remote site into the network you wish.
ALso in my experience, the CP is normally unhappy because it is expecting to NAT on th einterface of the outside interface. Try to check your address translation rules on CP, ther should be an exempt set of subnets for VPNs
Still learning to type " the"
Still learning to type " the"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
#diag debug ena
#diag debug app ike 3
This should give you some help to understand whats happening during Phase1/Phase2.
Also note that CP sends Phase2-Quickmode Selectors according to their " remote Network" Settings. You have to specifiy the same (opposite direction of course) on the FGT side. If the QM Selectors does not match you' ll see an " INVALID_ID" error in the debug output.
Forehand mentioned debug is pretty verbose - but with an understanding of IPSec it will reveal all the secrets that happens during P1/P2.
-R.
Not applicable
Created on 04-16-2009 11:29 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dear All,
I fixed the problem, I used the document FortiGate to CISCO PIX VPN document. I did the same configuration as it is in the doc. Then on CP I just followed the document VPN-1 VPN Interoperability.
Now I can able to establish the VPN
Thanks again for all you.
Regards,
Basha
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Labels
-
FortiGate
8,806 -
FortiClient
1,788 -
5.2
801 -
FortiManager
745 -
5.4
639 -
FortiAnalyzer
567 -
FortiSwitch
481 -
FortiAP
476 -
FortiClient EMS
440 -
6.0
416 -
5.6
362 -
FortiMail
324 -
SSL-VPN
257 -
6.2
251 -
FortiAuthenticator v5.5
234 -
IPsec
217 -
FortiWeb
211 -
5.0
196 -
FortiNAC
195 -
FortiGuard
139 -
6.4
128 -
SD-WAN
118 -
FortiAuthenticator
110 -
FortiGateCloud
102 -
FortiSIEM
99 -
FortiCloud Products
99 -
FortiToken
92 -
Firewall policy
86 -
Customer Service
81 -
Wireless Controller
81 -
4.0MR3
64 -
FortiProxy
61 -
High Availability
60 -
Fortivoice
57 -
FortiADC
54 -
VLAN
53 -
FortiEDR
52 -
ZTNA
50 -
Routing
49 -
DNS
46 -
FortiExtender
45 -
FortiSandbox
44 -
FortiDNS
42 -
LDAP
42 -
BGP
40 -
Authentication
39 -
NAT
37 -
RADIUS
36 -
SAML
36 -
Certificate
36 -
FortiGate v5.4
35 -
FortiSwitch v6.4
34 -
SSO
34 -
Interface
32 -
VDOM
32 -
FortiConnect
30 -
FortiLink
29 -
FortiWAN
27 -
Application control
27 -
Web profile
27 -
Virtual IP
26 -
FortiConverter
25 -
Logging
25 -
FortiGate v5.2
24 -
FortiGate-VM
23 -
SSL SSH inspection
23 -
FortiPAM
22 -
FortiSwitch v6.2
19 -
FortiPortal
19 -
Fortigate Cloud
19 -
FortiMonitor
18 -
Traffic shaping
18 -
OSPF
16 -
SSID
16 -
Automation
16 -
WAN optimization
16 -
FortiDDoS
15 -
System settings
15 -
FortiGate v5.0
14 -
FortiSOAR
14 -
SNMP
14 -
Static route
14 -
Web application firewall profile
14 -
IP address management - IPAM
14 -
Admin
13 -
FortiCASB
12 -
FortiManager v5.0
11 -
FortiRecorder
11 -
IPS signature
11 -
Security profile
11 -
Proxy policy
11 -
FortiManager v4.0
10 -
FortiBridge
10 -
FortiAP profile
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
Traffic shaping policy
9 -
Intrusion prevention
9 -
FortiDeceptor
8 -
RMA Information and Announcements
8 -
Port policy
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
DNS filter
7 -
Antivirus profile
7 -
Fabric connector
7 -
Web rating
7 -
Fortinet Engage Partner Program
7 -
FortiToken Cloud
6 -
Explicit proxy
6 -
API
6 -
trunk
6 -
Packet capture
6 -
Traffic shaping profile
6 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
Authentication rule and scheme
4 -
DLP sensor
4 -
Netflow
4 -
TACACS
4 -
Replacement messages
4 -
Service
4 -
Cloud Management Security
4 -
FortiDB
3 -
FortiHypervisor
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Protocol option
3 -
SDN connector
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Schedule
2 -
Multicast policy
2 -
Zone
2 -
Vulnerability Management
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1745 | |
| 1114 | |
| 760 | |
| 447 | |
| 241 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.