To create on Network> IKE Crypto click Add and create the following information: We will create IKE Crypto ie Phrase 1 for the VPN connection. Press Commit and OK to save the configuration changes. Tab General: Click Add and select the vlan ports (LAN port), ethernet1/1 (internet port) and tunnel.2 (the tunnel used to connect the VPN).Ĭlick Add to add static routes and fill in the following information:.To create Virtual Routers go to Network > Virtual Routers> click Add and configure the following information. To create go to Network> Interface> Tunnel. We will create the Address Object for 2 LAN layers of Palo Alto and Fortinet devices.Ĭlick Add and create according to the following parameters. We need to create zones for the VPN connections.Ĭlick Add and create the following information: Outgoing Interface: Floor B (This is interface LAN 1).Incoming Interface: Select VPN Tunnels VPN_FG_2_PA just created.The policy configuration allows traffic from Palo Alto’s LAN network to pass through Fortinet’s LAN network according to the following parameters: Log Allowed Traffic: turn on and select All Session.Outgoing Interface: Select VPN Tunnels VPN_FG_2_PA just created.Incoming Interface: Floor B (This is LAN interface 1).To create the policy go to Policy & Objects> IPv4 Policy and click Create New.Ĭonfigure the policy to allow traffic from Fortinet’s LAN network to pass through Sophos’s LAN network according to the following parameters: We need to create a policy so that the VPN connection can access Fortinet’s LAN and vice versa. Interface: select IPSec tunnels VPN_FG_2_PA just created.Destination: Enter the LAN network of the Palo Alto PA-220 device as 10.146.41.0/24.To create go to Network> Static Routes and click Create New.Ĭonfigure according to the following parameters: We need to create a static route to route the outbound route to Palo Alto’s LAN layer through the VPN connection we just created for the Fortinet firewall device. Enable Perfect Forward Secrecy: uncheckĬlick OK to IPSec Tunnels.Click Advanced… to show Phrase 2 Proposal.Remote Address: Select Subnet and fill in LAN network 10.146.41.0/24 of Palo Alto.Local Address: Select Subnet and fill in LAN network 192.168.2.0/24 of Fortinet.
#PALO ALTO NETWORKS VPN TUNNEL MONITOR PASSWORD#
Pre-shared Key: enter the password to establish the VPN connection (note that this password must be set the same on both Palo Alto and Fortinet devices).According to the diagram choose WAN1 port Interface: select the WAN port of the Fortinet device used to establish the VPN connection.IP Address: Enter the WAN IP of the Palo Alto PA-220 device as 113.161.93.x.We will configure the Network table with the following parameters: The VPN Create Wizard panel appears and enter the following configuration information: To create VPN Tunnels go to VPN> IPSec Tunnels> click Create New. We will configure IPSec VPN Site-to-Site between Palo Alto PA-220 and Fortinet FG 81E so that the LAN layer of both sites is 10.146.41.0/24 and 192.168.2.0/24 can connect together. Next is the 192.168.2.0/24 LAN layer configured at port 1 of the Fortinet FG 81E device.We have an internet connection connected to WAN port 1 of Fortinet FG 81E firewall with a static WAN IP of 203.205.26.x using the media converter.Next is the LAN layer 10.146.41.0/24 configured at port 2 of the Palo Alto PA-220 device.We have an internet connection that is connected to port 1 of the Palo Alto PA-220 device with a static WAN IP of 113.161.93.x using the media converter.
0 kommentar(er)
