IPSEC Fortigate/Fortinet VPN Config

1) Add a VPN profile on both sides with the same pre-shared key


2) Add static routes on both sides to each other's subnets via the VPN connection interface created in Step 1

3) Add policies

WAN -> VPN connection interface created in Step 1 (without NAT)

VPN connection interface created in Step 1 -> All (without NAT)

***********

DES and 3DES do not need as strong a DH group, but DES and 3DES should never be used unless you are under an encryption restriction imposed by a country. AES should use a stronger DH group. If you are using encryption or authentication algorithms with a 128-bit key, use Diffie-Hellman groups 19 or 20. If you are using encryption or authentication algorithms with a 256-bit key or higher, use Diffie-Hellman group 21. RFC 5114 Section 4 states that the strength of DH group 24 is about equal to a modular key that is 2048 bits long, which is not strong enough to protect 128-bit or 256-bit AES, so you should stay away from group 24.
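An added example (not from the original post and not Fortinet's own code): a small Python check that reads the `proposal` and `dhgrp` settings from a FortiOS `config vpn ipsec phase1-interface` block and flags combinations that go against the DH-group guidance above. The function names, the sample config and the choice to accept group 21 for 128-bit keys are assumptions made for this example.

```python
import re
# Rule set taken from the paragraph above: DH groups to use per AES key size.
# Assumption (not from the page): group 21 also satisfies the 128-bit case, being stronger.
ALLOWED_DH = {128: {19, 20, 21}, 256: {21}}
SAMPLE = '''config vpn ipsec phase1-interface
    edit "to-branch"
        set proposal aes256-sha256 3des-sha1
        set dhgrp 21 24
    next
    edit "to-dc"
        set proposal aes128-sha256
        set dhgrp 19
    next
end'''  # constructed sample config, not a real device export

def parse_phase1(text):
    """Map tunnel name -> {'proposal': [...], 'dhgrp': [...]} for phase1-interface entries."""
    tunnels, name, depth = {}, None, 0
    for line in (l.strip() for l in text.splitlines()):
        if depth == 0:  # ignore everything outside the phase1-interface block
            depth = int(line == "config vpn ipsec phase1-interface")
        elif line.startswith("config "):  # nested sub-table inside an entry
            depth += 1
        elif line == "end":
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            name = line[5:].strip('"')
            tunnels[name] = {"proposal": [], "dhgrp": []}
        elif depth == 1 and name and line.startswith(("set proposal ", "set dhgrp ")):
            _, key, *values = line.split()
            tunnels[name][key] = values
    return tunnels

def audit(text):
    """Return sorted (tunnel, proposal, problem) tuples that break the guidance above."""
    findings = []
    for name, cfg in parse_phase1(text).items():
        for prop in cfg["proposal"]:
            cipher = prop.split("-")[0]
            if cipher in ("des", "3des"):
                findings.append((name, prop, "DES/3DES in use"))
            m = re.fullmatch(r"aes(128|256)(gcm)?", cipher)
            if m:  # other ciphers are outside the page's guidance and are skipped
                for grp in cfg["dhgrp"]:
                    if int(grp) not in ALLOWED_DH[int(m.group(1))]:
                        findings.append((name, prop, f"dhgrp {grp} not recommended for {m.group(1)}-bit key"))
    return sorted(findings)

print(audit(SAMPLE))
```

Every proposal is checked against every configured group because any offered pair can end up being negotiated with the peer.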


Tags: Fortigate, Fortinet, ipsec, VPN
