{"id":4110,"date":"2019-05-10T04:34:51","date_gmt":"2019-05-10T04:34:51","guid":{"rendered":"https:\/\/pariswells.com\/blog\/?p=4110"},"modified":"2024-02-01T05:56:05","modified_gmt":"2024-02-01T05:56:05","slug":"ipsec-fortigate-fortinet-vpn","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/research\/ipsec-fortigate-fortinet-vpn","title":{"rendered":"IPSEC Fortigate\/Fortinet VPN Config"},"content":{"rendered":"\n
    \n
  1. Add VPN profile to both sides with same PreShared Key<\/li>\n<\/ol>\n\n\n\n
    \"\"<\/figure>\n\n\n\n

     <\/p>\n\n\n\n

    \"\"<\/figure>\n\n\n\n

    USE PFS for Phase 2 Auto Neg<\/strong><\/p>\n\n\n\n

    \"\"<\/figure>\n\n\n\n
    \"\"<\/figure>\n\n\n\n

    2) Add Static Routes on both sides to each other’s Subnets via the VPN Connection Interface created in Step 1<\/p>\n\n\n\n

    3) Add Policies<\/p>\n\n\n\n

    WAN->VPN Connection Interface created in Step 1 ( without NAT ) <\/p>\n\n\n\n

    VPN Connection Interface created in Step 1 -> All  ( without NAT ) <\/p>\n\n\n\n

    ***********<\/p>\n\n\n\n

    DES and 3DES does not need as strong a DH group, however DES and 3DES should never be used unless you are under some encryption restriction based on country restriction.  AES should use a stronger DH Group.  If you are using encryption or authentication algorithms with a 128-bit key, use Diffie-Hellman groups 19, 20. If you are using encryption or authentication algorithms with a 256-bit key or higher, use Diffie-Hellman group 21. RFC 5114<\/a> Sec 4 states DH Group 24 strength is about equal to a modular key that is 2048-bits long, that is not strong enough to protect 128 or 256-bit AES, you should stay away<\/p>\n","protected":false},"excerpt":{"rendered":"

      USE PFS for Phase 2 Auto Neg 2) Add Static Routes on both sides to each other’s Subnets via the VPN Connection Interface created in Step […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1251,1250,1530,1351],"class_list":["post-4110","post","type-post","status-publish","format-standard","hentry","category-research","tag-fortigate","tag-fortinet","tag-ipsec","tag-vpn"],"aioseo_notices":[],"aioseo_head":"\n\t\t\n\t\n\t\n\t\n\t\n\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t