
VPN

SonicOS Enhanced to Fortinet FortiWiFi-60

Deployment Scenario:

SonicOS Enhanced 3.1.0.11

Log into the SonicWALL's Management GUI using a current Web browser.

The address objects will be created first. From the navigation bar on the left, click on Network and then Address Objects; this will bring up the Network > Address Objects page. In the Address Objects section, click on Add to create an address object for the Primary LAN Network connected to the Fortinet FortiWiFi-60.

A popup window will appear in which the new Address Object can be created.

Name: fortinet
Zone Assignment: VPN
Type: Network
Network: 192.168.1.0
Netmask: 255.255.255.0

Click OK to finish.

This provides all the address objects needed to create a VPN SA between the LAN of the SonicWALL unit and the LAN of the Fortinet FortiWiFi-60 unit. From the navigation bar on the left, click on VPN; this will bring up the VPN > Settings page. In the VPN Global Settings section, make sure the Enable VPN radio button is selected. In the VPN Policies section, click on Add to create the new VPN policy for the Fortinet FortiWiFi-60.

The VPN Policy window will then appear. On the General tab page, Security Policy section, select IKE using Preshared Secret from the IPSec Keying Mode: dropdown box.

Name: "Fortinet"
IPSec Primary Gateway Name or Address: 67.115.118.75
Shared Secret: preshared
Local IKE ID: IP Address <Empty>
Peer IKE ID: IP Address <Empty>

Next select the Network tab. In the Local Networks section, select the radio button next to Choose local network from list and select "LAN Primary Subnet" from the dropdown box. In the Destination Networks section, select the radio button next to Choose destination network from list and select "fortinet" from the dropdown box.

Next select the Proposals tab. The default values should be correct. Verify that all values match the following.

IKE (Phase 1) Proposal
Exchange: Main Mode
DH Group: Group 2
Encryption: 3DES
Authentication: SHA1
Life Time (seconds): 28800

IPsec (Phase 2) Proposal
Protocol: ESP
Encryption: 3DES
Authentication: SHA1
DH Group: Group 2
Life Time (seconds): 28800
Do not enable Perfect Forward Secrecy.

Next select the Advanced tab. Make sure that the Enable Keep Alive option is selected. All other options can be left as they are. Click the OK button.

This completes the settings on the SonicWALL unit.

Fortinet FortiWiFi-60 Setup

Log into the Fortinet FortiWiFi-60 Management GUI using a current Web browser.

On the Fortinet it isn't necessary to have Address Objects created before a VPN SA can be defined, so we will start by creating the VPN SA and add the Network Address Objects to the Fortinet device afterwards.

From the navigation bar on the left, click on VPN; this will bring up the VPN > IPSEC page. In the Phase 1 section, click on Create New to create the new VPN Phase 1 policy for the SonicWALL unit. Now specify the Phase 1 settings so that they match those configured on the SonicWALL unit. Verify that all values are correct.

IKE (Phase 1) Proposal
Gateway Name: sonicwall
Remote GW: Static IP
IP Address: 83.160.31.204
Mode: Main Mode
Authentication Method: Preshared Key
Pre-shared Key: preshared

Advanced Settings
Encryption: 3DES
Authentication: SHA1
DH Group: Group 2
Life Time (seconds): 28800

NOTE: In the Phase 1 Advanced settings two Encryption entries are pre-specified; remove the second pre-specified Encryption so that only the one above remains.

After Phase 1 is configured, Phase 2 must be set. Click on Phase 2 and press the Create New button, then specify the Phase 2 settings as they have been set on the SonicWALL unit. Verify that all values are correct.

IPsec (Phase 2) Proposal
Tunnel Name: sonicwall
Remote Gateway: sonicwall (select this from the dropdown menu)

Advanced Settings
Encryption: 3DES
Authentication: SHA1
DH Group: Group 2
Life Time (seconds): 28800
Internet browsing: None
Quick Mode Identities: Use selectors from policy

NOTE: In the Phase 2 Advanced settings two Encryption entries are pre-specified; remove the second pre-specified Encryption so that only the one above remains.

On the Fortinet it is normal to bind the private networks of both LANs to the VPN SAs via Firewall Policies. For this, Network Objects must exist that can be used in the Firewall Policies. From the navigation bar on the left select Firewall > Address to define the IP source address of the network behind the Fortinet unit and to define the remote destination network object.

Now specify an address object for the local LAN (the network on which the VPN SA terminates). Press the Create button and enter:

Address Name: Fortinet-lan
IP Range/Subnet: 192.168.1.0/255.255.255.0

This generates a Network object for the Fortinet LAN. A similar address object needs to be created for the LAN of the SonicWALL device. Press the Create button and enter:

Address Name: sonicwall-lan
IP Range/Subnet: 192.168.27.0/255.255.255.0

Now that the VPN SAs and the Address Objects for both LAN networks have been created, Policies must be created that allow the traffic over the VPN SAs.

From the navigation bar on the left, click on Firewall; this will bring up the Firewall > Policy page. Click on Create New to create the new policy for the VPN SA traffic. First we create the Policy from the Fortinet LAN to the SonicWALL LAN:

Source Interface/Zone: internal
Destination Interface/Zone: wan-1
Source Address Name: Fortinet-lan
Destination Address Name: sonicwall-lan
Schedule: always
Service: ANY
Action: ENCRYPT (Encrypt binds this policy to a VPN SA)
VPN Tunnel: sonicwall (from the dropdown menu)
Select the Allow inbound radio button.
Select the Allow outbound radio button.

This allows traffic from the Fortinet LAN to the SonicWALL LAN; a similar policy is needed for the traffic coming from the SonicWALL UTM appliance:

Source Interface/Zone: wan-1
Destination Interface/Zone: internal
Source Address Name: sonicwall-lan
Destination Address Name: Fortinet-lan
Schedule: always
Service: ANY
Action: ENCRYPT (Encrypt binds this policy to a VPN SA)
VPN Tunnel: sonicwall (from the dropdown menu)
Select the Allow inbound radio button.
Select the Allow outbound radio button.

Now it is only necessary to send traffic across the VPN to the other side to bring the tunnel up and verify that it is running.
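Most tunnels that fail to come up do so because one Phase 1 or Phase 2 value, a gateway address or a protected subnet differs between the two ends. The following added example (not part of the original guide, and not vendor code) models both ends with the values listed above, cross-checks that they mirror each other, and flags the algorithm choices (3DES, SHA1, DH Group 2, PFS disabled) that current guidance treats as legacy; the PFS setting on the Fortinet side is an assumption, since the guide states it only for the SonicWALL.

```python
import ipaddress

# Both dicts are constructed from the guide's values; PFS is only stated for
# the SonicWALL side and is assumed to be mirrored on the FortiWiFi-60.
SONICWALL = {
    "local_ip": "83.160.31.204", "peer_ip": "67.115.118.75",
    "local_net": "192.168.27.0/24", "remote_net": "192.168.1.0/24",
    "phase1": {"mode": "main", "encryption": "3DES", "auth": "SHA1",
               "dh_group": 2, "lifetime": 28800},
    "phase2": {"encryption": "3DES", "auth": "SHA1", "dh_group": 2,
               "lifetime": 28800, "pfs": False},
}
FORTINET = {
    "local_ip": "67.115.118.75", "peer_ip": "83.160.31.204",
    "local_net": "192.168.1.0/24", "remote_net": "192.168.27.0/24",
    "phase1": dict(SONICWALL["phase1"]),  # guide mirrors the SonicWALL values
    "phase2": dict(SONICWALL["phase2"]),
}
# Algorithm choices current guidance treats as legacy; the guide's defaults hit all of them.
LEGACY_ENC, LEGACY_AUTH, MIN_DH_GROUP = {"DES", "3DES"}, {"MD5", "SHA1"}, 14


def check_pair(a, b):
    """Return a list of mismatches between two tunnel ends; [] means they agree."""
    problems = []
    for phase in ("phase1", "phase2"):
        for key in sorted(set(a[phase]) | set(b[phase])):
            if a[phase].get(key) != b[phase].get(key):
                problems.append(f"{phase} {key}: {a[phase].get(key)!r} vs {b[phase].get(key)!r}")
    if a["peer_ip"] != b["local_ip"] or b["peer_ip"] != a["local_ip"]:  # peers must cross
        problems.append("gateway addresses are not mirrored")
    net = ipaddress.ip_network  # each side's local subnet must be the other's remote subnet
    if net(a["local_net"]) != net(b["remote_net"]) or net(b["local_net"]) != net(a["remote_net"]):
        problems.append("protected subnets are not mirrored")
    return problems


def weak_settings(side):
    """Flag algorithm choices on one side that current guidance considers legacy."""
    weak = []
    for phase in ("phase1", "phase2"):
        p = side[phase]
        if p["encryption"] in LEGACY_ENC:
            weak.append(f"{phase} encryption {p['encryption']}")
        if p["auth"] in LEGACY_AUTH:
            weak.append(f"{phase} authentication {p['auth']}")
        if p["dh_group"] < MIN_DH_GROUP:
            weak.append(f"{phase} DH group {p['dh_group']}")
    if not side["phase2"]["pfs"]:
        weak.append("phase2 PFS disabled")
    return weak
```

Run check_pair(SONICWALL, FORTINET) after transcribing both GUIs; an empty list means the proposals, gateways and subnets agree, and weak_settings shows what to raise with the peer administrator when the interop constraint no longer applies.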
