Netgate Discussion Forum

    pfSense 2.2.4 to Fortigate 200D

    IPsec
    14 Posts 2 Posters 2.3k Views
    cmb

      That's route-based IPsec rather than policy based. We don't have support at this time for that type of setup. Fortigate's implementation there often isn't interoperable with third party devices.

      froussy

        Ok

        I can recreate the policy as a policy based.. but will I be able to use or do a rule so I can access all the sites connected to the main one?

        cmb

          Sure, as long as you have matching P2s for them all.

          froussy

            So,

            My main site (200D) has 192.168.4.x and 172.16.1.x.. So I will create P2s for them..

            All the other sites, that are connected to that "hub", are 192.168.2.x 3.x…

            So I create P2s for all of them, under my P1 connection to the main one?

            cmb

              Correct, yeah.

              froussy

                Good day,

                So, it should look like I did?

                Thanks

                20150729_104343.jpg

                cmb

                  Yes, looks correct.

                  froussy

                    Thanks
                    I will do the same on the 200D tonight (the reverse)

                    I will then try and let you know

                    thanks

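                    The exchange above comes down to one rule: with policy-based IPsec, every remote network reached through the hub needs its own Phase 2 under the single Phase 1, and the Fortigate side must carry the exact mirror image of those selectors. The following is an added example (not code from the original thread, from pfSense or from Fortinet) that models that requirement with Python's ipaddress module; the subnets are the ones named in the thread, the 10.35.1.0/24 home LAN is taken from the later posts, and the function names and the assumption of /24 masks are mine.

```python
from ipaddress import ip_network

# Constructed sample: subnets named in the thread, assumed to be /24s.
HOME_LAN = "10.35.1.0/24"                              # pfSense LAN (home site)
HUB_SUBNETS = ["192.168.4.0/24", "172.16.1.0/24"]      # behind the Fortigate 200D
SPOKE_SUBNETS = ["192.168.2.0/24", "192.168.3.0/24"]   # other sites reached via the hub


def pfsense_phase2_selectors(local, remotes):
    """One Phase 2 (local, remote) traffic selector per remote network,
    all hanging off the same Phase 1 to the hub."""
    return [(ip_network(local), ip_network(r)) for r in remotes]


def mirror(selectors):
    """What the peer must configure: the same pairs seen from its side."""
    return [(remote, local) for (local, remote) in selectors]


def check_peer_match(ours, theirs):
    """Return (missing_on_peer, extra_on_peer).

    Policy-based IPsec needs the selectors on both ends to agree exactly,
    not merely overlap; a P2 with no mirror on the peer will not come up,
    and traffic for that network silently never enters the tunnel."""
    wanted = set(mirror(ours))
    have = set(theirs)
    missing_on_peer = sorted(wanted - have, key=str)
    extra_on_peer = sorted(have - wanted, key=str)
    return missing_on_peer, extra_on_peer


def find_overlaps(selectors):
    """Overlapping remote networks in separate P2s make it ambiguous which
    SA should carry a given packet; flag them before deploying."""
    remotes = [r for (_, r) in selectors]
    return [(a, b) for i, a in enumerate(remotes)
            for b in remotes[i + 1:] if a.overlaps(b)]


if __name__ == "__main__":
    ours = pfsense_phase2_selectors(HOME_LAN, HUB_SUBNETS + SPOKE_SUBNETS)
    # Simulate the 200D side having been configured without the 192.168.3.x spoke.
    fortigate_side = mirror(ours)[:3]
    missing, extra = check_peer_match(ours, fortigate_side)
    for local, remote in ours:
        print(f"pfSense P2: local {local} <-> remote {remote}")
    print("missing on Fortigate:", [f"{l} <-> {r}" for l, r in missing])
    print("extra on Fortigate:  ", [f"{l} <-> {r}" for l, r in extra])
    print("overlapping P2s:", find_overlaps(ours))
```

Run it as-is and the report shows the one spoke whose P2 exists on pfSense but has no mirror on the Fortigate; that is the shape of mismatch to look for when "the reverse" on the 200D does not line up with what the screenshot showed on the pfSense side.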
                      froussy

                      Hi,

                      It worked. I'm now able to reach all my work LAN, and from any site I'm able to reach my LAN..

                      But.. there is one thing.. and I think it's pfSense that blocks it.

                      From any router inside my work LAN, I cannot reach any of the IPs on my home LAN (10.35.1.x), which is my pfSense box.

                      I'm trying to figure it out.. it seems pfSense blocks that.. but how can I find it?

                      But, from pfSense, I can ping/reach any router/IPs anywhere.

                      Any idea?

                      Capture1.JPG
                      Capture2.JPG
                      Capture3.JPG

                        froussy

                        Also.. from home, I can RDP anywhere..

                        BUT, from work, I can't RDP to my home computer.. I'm getting a connection error..

                          cmb

                          You're not blocking anything, assuming it's sourced from one of the listed networks and destined to your LAN subnet. Probably host firewall on your Windows machine, assuming the traffic is being let out from the work side of the VPN.

                            froussy

                            There is no firewall on the host..

                            If I put back my original Fortigate it works

                              cmb

                              Packet capture on the IPsec interface, is it getting there? If so, switch to LAN, is it getting there?

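                              The two captures cmb asks for (first the IPsec interface, then LAN) split the failure into three places: the packet never arrived over the tunnel, it arrived but pfSense did not forward it to LAN, or it reached LAN and the host never answered (the host-firewall case raised earlier). As an added example that is not part of this thread and not pfSense's own tooling, the Python below parses tcpdump-style lines from those two captures and names which of the three cases the RDP attempt falls into. The capture lines are constructed samples; the work-side source 192.168.4.10, the home host 10.35.1.20 and the function names are my assumptions. On pfSense the IPsec interface shows up in a capture as enc0; the LAN capture is whatever physical interface carries the LAN.

```python
import re
from ipaddress import ip_address, ip_network

# tcpdump output shape, e.g.
# "10:01:02.000001 IP 192.168.4.10.51000 > 10.35.1.20.3389: Flags [S], seq 1, length 0"
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

# Constructed sample captures (not real output from the poster's box).
ENC0_SAMPLE = [
    "10:01:02.000001 IP 192.168.4.10.51000 > 10.35.1.20.3389: Flags [S], seq 1, length 0",
    "10:01:03.000001 IP 192.168.4.10.51000 > 10.35.1.20.3389: Flags [S], seq 1, length 0",
]
LAN_SAMPLE_NO_REPLY = [
    "10:01:02.000101 IP 192.168.4.10.51000 > 10.35.1.20.3389: Flags [S], seq 1, length 0",
    "10:01:03.000101 IP 192.168.4.10.51000 > 10.35.1.20.3389: Flags [S], seq 1, length 0",
]
LAN_SAMPLE_REPLY = LAN_SAMPLE_NO_REPLY + [
    "10:01:02.000301 IP 10.35.1.20.3389 > 192.168.4.10.51000: Flags [S.], seq 9, ack 2, length 0",
]

DIAGNOSIS = {
    "not_in_tunnel": "SYN never seen on enc0: the work side is not sending it into "
                     "this tunnel (check the Fortigate policy and P2 selectors for 10.35.1.0/24).",
    "dropped_by_pfsense": "SYN on enc0 but not on LAN: pfSense is not forwarding it "
                          "(check rules on the IPsec tab and the firewall log).",
    "no_host_reply": "SYN delivered on LAN, no SYN-ACK back: the host is not answering "
                     "(host firewall, RDP not listening, or host has no route back).",
    "host_replies": "SYN-ACK seen on LAN: the host answers; look at the return path instead.",
}


def parse(lines):
    """Keep only lines that look like tcpdump TCP summaries; ignore the rest."""
    pkts = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            pkts.append({"src": ip_address(m["src"]), "sport": int(m["sport"]),
                         "dst": ip_address(m["dst"]), "dport": int(m["dport"]),
                         "flags": m["flags"]})
    return pkts


def seen_syn(pkts, src_net, dst, dport):
    return any(p["src"] in src_net and p["dst"] == dst and p["dport"] == dport
               and p["flags"] == "S" for p in pkts)


def seen_synack(pkts, host, sport):
    return any(p["src"] == host and p["sport"] == sport and p["flags"] == "S."
               for p in pkts)


def diagnose(ipsec_lines, lan_lines, src_net, dst_host, dport=3389):
    """Walk the three-way split: tunnel -> pfSense forwarding -> host."""
    src_net, dst_host = ip_network(src_net), ip_address(dst_host)
    enc, lan = parse(ipsec_lines), parse(lan_lines)
    if not seen_syn(enc, src_net, dst_host, dport):
        return "not_in_tunnel"
    if not seen_syn(lan, src_net, dst_host, dport):
        return "dropped_by_pfsense"
    if not seen_synack(lan, dst_host, dport):
        return "no_host_reply"
    return "host_replies"


if __name__ == "__main__":
    verdict = diagnose(ENC0_SAMPLE, LAN_SAMPLE_NO_REPLY, "192.168.4.0/24", "10.35.1.20")
    print(verdict, "-", DIAGNOSIS[verdict])
```

Feed it the two captures from Diagnostics > Packet Capture (IPsec interface, then LAN) filtered on the home host and port 3389, and the verdict tells you whether the next thing to look at is the Fortigate, the pfSense rules, or the Windows machine itself.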
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.