Site-to-Site VPN Setup between FortiGate and SonicWall: Complete Config, Firewall Rules & Live Tests
Introduction
This tutorial provides a comprehensive guide to setting up a site-to-site VPN between a FortiGate and SonicWall firewall. By following this step-by-step process, you will learn how to configure VPN tunnels, set appropriate firewall rules, and test connectivity to ensure a secure connection between your networks. Whether you are new to VPNs or looking to enhance your skills, this guide will help you achieve a reliable setup.
Step 1: Configure the VPN Tunnel on FortiGate
- Log in to the FortiGate Management Interface:
  - Access the web interface using your browser.
  - Enter your admin credentials.
- Create a New VPN Tunnel:
  - Navigate to VPN > IPsec Tunnels.
  - Click “Create New” and select “Custom” for the VPN type.
  - Name your tunnel (e.g., "FortiGate-SonicWall").
- Set Basic Configurations:
  - Remote Gateway: Enter the public IP address of the SonicWall.
  - Interface: Choose the WAN interface.
  - Mode: Select “IKEv2” for better security and performance.
- Configure Phase 1 Settings:
  - Authentication Method: Select "Pre-shared Key" and enter a secure key.
  - Select appropriate encryption and authentication algorithms (e.g., AES256/SHA256).
  - Set the key lifetime (e.g., 28800 seconds).
- Configure Phase 2 Settings:
  - Enable the Phase 2 selectors.
  - Set the Local and Remote Subnets for the networks you want to connect.
  - Choose the same encryption and authentication settings as Phase 1.
- Save the Configuration.
Step 2: Configure the VPN Tunnel on SonicWall
- Log in to the SonicWall Management Interface:
  - Use your web browser to access the SonicWall interface.
  - Enter your admin credentials.
- Create a New VPN Policy:
  - Navigate to VPN > Settings.
  - Click “Add” to create a new VPN policy.
- Set Basic Configurations:
  - Name your policy (e.g., "SonicWall-FortiGate").
  - Set the policy type to “Site to Site”.
  - Enter the public IP address of the FortiGate as the Remote Gateway.
- Configure IKE Phase 1 Settings:
  - Set the authentication method to "Pre-Shared Key" and use the same key as configured on the FortiGate.
  - Match the encryption and hashing algorithms (e.g., AES256/SHA256).
  - Configure the key lifetime to match the FortiGate settings.
- Configure IKE Phase 2 Settings:
  - Set the local and remote subnets to match the FortiGate configuration (local and remote are swapped relative to the FortiGate side).
  - Ensure the encryption and hashing settings are consistent with the FortiGate setup.
- Save the Configuration.
Step 3: Set Up Firewall Rules on FortiGate
- Navigate to Firewall Policy:
  - Go to Policy & Objects > IPv4 Policy.
- Create a New Policy:
  - Click “Create New” and set the following:
  - Incoming Interface: Select the VPN tunnel interface.
  - Outgoing Interface: Choose the internal network interface.
  - Source and Destination: Specify the appropriate networks.
- Set Action to Allow:
  - Ensure the policy permits traffic and enable logging for troubleshooting.
- Save the Firewall Rule.
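The same tunnel and firewall policy from Steps 1 and 3, expressed as FortiOS CLI configuration. This is an added example, not configuration from the original page; the interface names (wan1, internal), the SonicWall address 203.0.113.2, the subnets 192.168.10.0/24 (FortiGate side) and 192.168.20.0/24 (SonicWall side) and the DH group are constructed placeholders. It also adds the static route that a route-based tunnel needs, which the GUI steps above do not mention.

```fortios
# Added example (not from the original page). Placeholders: wan1, internal, 203.0.113.2,
# 192.168.10.0/24 (local LAN), 192.168.20.0/24 (SonicWall LAN), the PSK and DH group 14.
config vpn ipsec phase1-interface
    edit "FortiGate-SonicWall"
        set interface "wan1"            # WAN interface (Step 1)
        set ike-version 2               # IKEv2 (Step 1)
        set remote-gw 203.0.113.2       # SonicWall public IP (placeholder)
        set proposal aes256-sha256      # must match the SonicWall Phase 1 proposal
        set dhgrp 14                    # assumption: DH group is not stated on the page; must match
        set keylife 28800               # Phase 1 lifetime in seconds
        set psksecret "REPLACE-WITH-STRONG-PSK"
    next
end
config vpn ipsec phase2-interface
    edit "FortiGate-SonicWall-p2"
        set phase1name "FortiGate-SonicWall"
        set proposal aes256-sha256      # same algorithms as Phase 1
        set dhgrp 14                    # PFS group; assumption, must match the SonicWall side
        set src-subnet 192.168.10.0 255.255.255.0   # local subnet (Phase 2 selector)
        set dst-subnet 192.168.20.0 255.255.255.0   # remote SonicWall subnet
    next
end
config firewall address                 # address objects used by the policy (Step 3)
    edit "LAN_Local"
        set subnet 192.168.10.0 255.255.255.0
    next
    edit "LAN_SonicWall"
        set subnet 192.168.20.0 255.255.255.0
    next
end
config router static                    # send traffic for the remote subnet into the tunnel
    edit 0
        set dst 192.168.20.0 255.255.255.0
        set device "FortiGate-SonicWall"
    next
end
config firewall policy
    edit 0
        set name "VPN-to-LAN"
        set srcintf "FortiGate-SonicWall"   # incoming: the tunnel interface (Step 3)
        set dstintf "internal"              # outgoing: internal network interface
        set srcaddr "LAN_SonicWall"
        set dstaddr "LAN_Local"
        set action accept
        set schedule "always"
        set service "ALL"                   # narrow this to the services actually required
        set logtraffic all                  # logging for troubleshooting
    next
end
```

Traffic initiated from the FortiGate LAN towards the SonicWall side needs a mirror policy with srcintf "internal" and dstintf "FortiGate-SonicWall"; the GUI step above covers only the inbound direction.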
Step 4: Set Up Firewall Rules on SonicWall
- Navigate to Firewall Settings:
  - Go to Firewall > Access Rules.
- Create a New Access Rule:
  - Click “Add” to create a new rule.
  - Define the source and destination zones (e.g., VPN to LAN).
- Configure Allowed Services:
  - Select the services you want to allow (e.g., ALL or specific services).
- Set Action to Allow:
  - Ensure the rule allows traffic and enable logging for monitoring.
- Save the Firewall Rule.
Step 5: Test Connectivity
- Ping Test:
  - Use the command prompt or terminal to ping devices on the opposite network to verify connectivity.
- Check VPN Status:
  - Monitor the VPN status on both the FortiGate and SonicWall interfaces to ensure the tunnel is up and running.
- Check Logs:
  - Review logs on both devices to identify any issues or blocked traffic.
Conclusion
By following these steps, you have successfully set up a site-to-site VPN between a FortiGate and a SonicWall. You have configured the necessary tunnels, applied firewall rules, and tested the connectivity between the two networks. For further enhancements, consider exploring advanced features such as traffic shaping or redundancy options for your VPN setup.