Watchguard V60 and Fortigate 60 VPN
Both of the computers are running Windows XP. The environment consists of two network segments like:

Network: Watchguard
IP: 192.168.1.0
Mask: 255.255.255.0
Router: 192.168.1.254
The first thing we must do is to configure the IKE Policy (Phase 1). From the main menu in the Watchguard Vcontroller select IKE Policy. Give it a nice name like Watchguard - Fortigate.
Fill in information like:

Name: Watchguard - Fortigate
Mode: Main
Enable NAT Traversal

IKE Transforms
Authentication Type: Pre-shared key
DH Group: IKE MODP 1024 (DH Group 2)
Encryption Algorithm: DES
Hash Algorithm: MD5
Lifetime: 24 Hour
Life Length: 0 Kbyte
Make sure that Peer Authentication ID is set for ANY. Fill in the Pre-shared key string and confirm the key.
Fill in Edit IPSec Action like:

Mode: Tunnel
Peer Tunnel Address Group: Fortigate
Perfect Forward Secrecy
DH Group: IKE MODP 1024 (DH Group 2)
Select New from the Select Proposals list and fill in like:

Name: ESP DES-MD5
Anti Replay Window: 0 (Disabled)

Click Done three times to get back to the IPSec Action window again. Now we're done with the Phase configurations.
Choose Insert from the menu and give the new policy a name. Then fill in as seen below:
Firewall: Pass
IPSec: Watchguard Fortigate
Enable Gateway to Gateway VPN
NAT / Load Balancing: No NAT Action

Click Done to finish the policy. Now the Watchguard side is ready for some action. Let's move over to the Fortigate side.

The first thing we must do is set up the Phase 1 (IKE) configuration. From the menu select VPN and IPSEC. Click Create Phase 1.
Advanced settings

1 - Encryption: DES, Authentication: MD5
DH Group: 1, 2, 5
Key Life: 86400 seconds
Xauth: Disable
NAT traversal: Enable
Dead Peer Detection: Disable
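With both Phase 1 proposals now defined, the script below is an added example (not part of the original guide) that checks whether the two sides can agree and flags the transforms that are weak by current standards. The dictionaries are transcribed from the settings listed on this page; the function names and the 1024-bit threshold are assumptions of the example.

```python
# Added example (not from the original guide): sanity-check that the two
# Phase 1 proposals on this page can negotiate, and flag weak transforms.
import re

# Values transcribed from the Watchguard and Fortigate settings above.
WATCHGUARD = {"encryption": "DES", "hash": "MD5",
              "dh": "IKE MODP 1024 (DH Group 2)", "lifetime": "24 Hour"}
FORTIGATE = {"encryption": "DES", "hash": "MD5",
             "dh": "1, 2, 5", "lifetime": "86400 seconds"}

UNIT_SECONDS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}
MODP_BITS = {1: 768, 2: 1024, 5: 1536}  # MODP group number -> modulus size

def lifetime_seconds(text):
    """Normalise '24 Hour' or '86400 seconds' to seconds."""
    m = re.fullmatch(r"\s*(\d+)\s*([A-Za-z]+?)s?\s*", text)
    if not m or m.group(2).lower() not in UNIT_SECONDS:
        raise ValueError(f"unrecognised lifetime: {text!r}")
    return int(m.group(1)) * UNIT_SECONDS[m.group(2).lower()]

def dh_groups(text):
    """Accept 'IKE MODP 1024 (DH Group 2)' or a list such as '1, 2, 5'."""
    named = re.search(r"DH Group (\d+)", text)
    if named:
        return {int(named.group(1))}
    return {int(g) for g in re.findall(r"\d+", text)}

def mismatches(a, b):
    """Return the Phase 1 settings on which the two peers disagree."""
    out = [f"{k}: {a[k]} vs {b[k]}" for k in ("encryption", "hash") if a[k] != b[k]]
    if not dh_groups(a["dh"]) & dh_groups(b["dh"]):
        out.append("dh: no common group")
    if lifetime_seconds(a["lifetime"]) != lifetime_seconds(b["lifetime"]):
        out.append("lifetime: values differ")
    return out

def weak_transforms(a, b):
    """Flag transforms both peers would agree on that are weak today."""
    found = []
    if a["encryption"] == b["encryption"] == "DES":
        found.append("DES (56-bit key)")
    if a["hash"] == b["hash"] == "MD5":
        found.append("MD5 (collision-broken hash)")
    for g in sorted(dh_groups(a["dh"]) & dh_groups(b["dh"])):
        if MODP_BITS.get(g, 4096) <= 1024:  # assumed threshold; unknown groups skipped
            found.append(f"DH group {g} ({MODP_BITS[g]}-bit MODP)")
    return found

if __name__ == "__main__":
    print("mismatches:", mismatches(WATCHGUARD, FORTIGATE) or "none")
    print("weak:", weak_transforms(WATCHGUARD, FORTIGATE))
```

If both devices support stronger transforms, change the values on both sides together and rerun the check so the proposals still match.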
192.168.2.0/24 192.168.1.0/24
In order to get packets through our VPN there must be an encryption rule that defines the networks to encrypt from and to, and the IPSec policy to use.
Johan Engdahl 2007