{"id":4110,"date":"2019-05-10T04:34:51","date_gmt":"2019-05-10T04:34:51","guid":{"rendered":"https:\/\/pariswells.com\/blog\/?p=4110"},"modified":"2024-02-01T05:56:05","modified_gmt":"2024-02-01T05:56:05","slug":"ipsec-fortigate-fortinet-vpn","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/research\/ipsec-fortigate-fortinet-vpn","title":{"rendered":"IPSEC Fortigate\/Fortinet VPN Config"},"content":{"rendered":"\n
    \n
  1. Add VPN profile to both sides with same PreShared Key<\/li>\n<\/ol>\n\n\n\n
    \"\"<\/figure>\n\n\n\n

     <\/p>\n\n\n\n

    \"\"<\/figure>\n\n\n\n

    USE PFS for Phase 2 Auto Neg<\/strong><\/p>\n\n\n\n

    \"\"<\/figure>\n\n\n\n
    \"\"<\/figure>\n\n\n\n

    2) Add Static Routes on both sides to each other’s Subnets via the VPN Connection Interface created in Step 1<\/p>\n\n\n\n

    3) Add Policies<\/p>\n\n\n\n

    WAN->VPN Connection Interface created in Step 1 ( without NAT ) <\/p>\n\n\n\n

    VPN Connection Interface created in Step 1 -> All  ( without NAT ) <\/p>\n\n\n\n

    ***********<\/p>\n\n\n\n

    DES and 3DES does not need as strong a DH group, however DES and 3DES should never be used unless you are under some encryption restriction based on country restriction.  AES should use a stronger DH Group.  If you are using encryption or authentication algorithms with a 128-bit key, use Diffie-Hellman groups 19, 20. If you are using encryption or authentication algorithms with a 256-bit key or higher, use Diffie-Hellman group 21. RFC 5114<\/a> Sec 4 states DH Group 24 strength is about equal to a modular key that is 2048-bits long, that is not strong enough to protect 128 or 256-bit AES, you should stay away<\/p>\n","protected":false},"excerpt":{"rendered":"

      USE PFS for Phase 2 Auto Neg 2) Add Static Routes on both sides to each other’s Subnets via the VPN Connection Interface created in Step […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1251,1250,1530,1351],"class_list":["post-4110","post","type-post","status-publish","format-standard","hentry","category-research","tag-fortigate","tag-fortinet","tag-ipsec","tag-vpn"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/4110","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/comments?post=4110"}],"version-history":[{"count":6,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/4110\/revisions"}],"predecessor-version":[{"id":7639,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/4110\/revisions\/7639"}],"wp:attachment":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/media?parent=4110"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/categories?post=4110"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/tags?post=4110"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}