- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Site-to-site: FortiGate to SonicWall
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Site-to-site: FortiGate to SonicWall
Maybe my duckduckgo (read: googling) skills leave something to be desired, but I cannot for the life of me get my FortiGate 51E to connect to a SonicWall TZ210.
I have found https://support.software.dell.com/kb/sw13566 and http://kb.fortinet.com/kb/viewContent.do?externalId=11657 and while the instructions seem to cover the current SonicWall interface accurately, the FortiGate interface described in the articles seem out of date.
The net result is that the tunnel doesn't work; the SonicWall gives me a "IKE Initiator: Start Quick Mode (Phase 2)." in the log, but nothing more.
Does anyone know of a more recent write-up for FortiGates and SonicWalls?
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
One of our customers has Main mode IPSec (site-to-site) vpn between their Sonicwall to our FG1500D, but we didn't have to change anything specific for Sonicwall and just configured the same way we would do for FG to FG and it's working. We use the interface mode IPSec. You probably need to do sniffing and IKE application debugging at least on the FG side to see what's going on.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If I can chime in
1: Don't figure it like a fgt-2-fgt with typical quad 0.0.0.0s ( aka 0.0.0.0:0 )
2: set the proxy-ids for specific local/remote subnets ( aka src-subnet and dst-subnets)
Here's how we have a simple tunel cfg from a TLZ to FGT110C
SONICWALL
ZONE INSIDE 10.10.0.0/24
ZONE REMOTE 10.11.0.0/24 (FGT )
MD5
PSK 8charactersDHGRP5
PROPOSAL AES128
( if you enable PFS enable it on the FGT ( it should be on by default )
SET SA-keepAlives
FGT
config vpn ipsec phase1-interface
edit "FGT2SONIC" set interface "port1" set nattraversal disable set keylife 28800 set proposal aes128-md5 set dpd disable set dhgrp 5 set remote-gw x.x.x.x <-sonic wall address set psksecret dellsonicwall <-use a strong PSK next end
config vpn ipsec phase2-interface
edit "FGT2SONICP2" set phase1name "FGT2SONIC" set proposal aes128-sha1 set pfs disable set keepalive enable set auto-negotiate enable set keylifeseconds 3600 set src-subnet 10.11.0.0 255.255.255.0 set dst-subnet 10.10.0.0 255.255.255.0 next
config router static
edit 777
set dst 10.10.0.0/24
set dev FGT2SONIC
end
And apply your firewall policies
config firewall adress
edit local
set subnet 10.11.0.0/24
next
edit remote
set subnet 10.10.0.0/24
end
config firewall policy
edit 0
set srcintf port5
set dstintf FGT2SONIC
set srcaddr local
set dstaddr remote
set action accept
set schedule always
set logtraffic all
set service PING
set comment " for pings"
end
;)
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi all
Can help me on this now i am geeting this error gotm sonicwall
IKE Initiator: Proposed IKE ID mismatch
Related Posts
- Port forward fail 88 Views
- Site to Site VPN from Forigate... 657 Views
- Migrating from Sonicwall - Multiple Ports... 303 Views
- Connect 3 point 363 Views
- Firewall Suitability 60F or 100F 515 Views
Labels
-
FortiGate
6,750 -
FortiClient
1,342 -
5.2
801 -
5.4
639 -
FortiManager
580 -
FortiAnalyzer
425 -
6.0
416 -
5.6
362 -
FortiSwitch
345 -
FortiAP
344 -
FortiClient EMS
274 -
FortiMail
262 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
160 -
6.4
128 -
FortiNAC
110 -
FortiGuard
108 -
FortiSIEM
92 -
FortiGateCloud
88 -
IPsec
85 -
FortiCloud Products
85 -
FortiToken
73 -
Customer Service
70 -
SSL-VPN
69 -
4.0MR3
64 -
Wireless Controller
62 -
FortiProxy
47 -
FortiADC
44 -
FortiEDR
41 -
Fortivoice
41 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
33 -
FortiSandbox
33 -
SD-WAN
33 -
FortiSwitch v6.4
30 -
Firewall policy
30 -
High Availability
24 -
FortiConnect
24 -
VLAN
23 -
FortiAuthenticator
22 -
FortiWAN
22 -
FortiConverter
21 -
ZTNA
20 -
FortiPortal
18 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
Certificate
16 -
FortiMonitor
14 -
SAML
14 -
BGP
14 -
Interface
14 -
Logging
14 -
DNS
13 -
FortiGate v5.0
13 -
FortiDDoS
13 -
LDAP
12 -
Routing
12 -
FortiCASB
12 -
VDOM
12 -
fortilink
11 -
RADIUS
10 -
Virtual IP
10 -
FortiRecorder
10 -
FortiWeb v5.0
9 -
Authentication
9 -
SSL SSH inspection
9 -
Traffic shaping
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
SSID
8 -
SSO
8 -
Application control
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
Fortigate Cloud
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
FortiBridge
6 -
SNMP
6 -
Web profile
6 -
Proxy policy
5 -
Traffic shaping policy
5 -
FortiAP profile
5 -
Web application firewall profile
5 -
FortiTester
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
IPS signature
4 -
Packet capture
4 -
Antivirus profile
4 -
Automation
4 -
WAN optimization
4 -
DNS Filter
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Port policy
4 -
FortiToken Cloud
3 -
DoS policy
3 -
Email filter profile
3 -
Web rating
3 -
Intrusion prevention
3 -
FortiDB
3 -
trunk
3 -
FortiDeceptor
2 -
System settings
2 -
FortiInsight
2 -
NAC policy
2 -
Fortinet Engage Partner Program
2 -
Users
2 -
Traffic shaping profile
2 -
FortiPAM
2 -
VoIP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Protocol option
2 -
4.0MR1
1 -
TACACS
1 -
Replacement messages
1 -
Subscription Renewal Policy
1 -
Schedule
1 -
FortiCWP
1 -
FortiNDR
1 -
SDN connector
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
Fabric connector
1 -
Multicast routing
1 -
Explicit proxy
1 -
Zone
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.