Netgate Discussion Forum

    IPsec VPN to Fortinet Firewall

      talbotc

      Hello,
      Does anyone have experience with pfSense to Fortinet IPsec VPN?
      We have experience with VPN concepts and other 3rd party products establishing VPNs to the Fortinet, but no experience with pfSense.

      We have confirmed the usual suspects… aggressive, shared key, etc. and matched configuration parameters, but the VPN is failing to establish.
      Fortinet subnet is 10.0.0.0/24
      pfSense subnet is 10.0.1.0/28

      Any help or insight where to look or how to debug pfSense would be greatly appreciated.

        psylo

        First, where are the public IPs? Directly on the pfSense and the Fortinet or not? In other words, is there any NAT device between them? If that's the case, I think NAT-T (NAT traversal) is supported only in pfSense 1.3 (I don't know if it's supported by Fortinet). If NAT-T is not supported, don't go further…

        If NAT-T is supported, you have to check if ports UDP/4500 and UDP/500 are redirected on your firewall (pfSense and Fortinet).

        Last, you can dump packets (with tcpdump - man page available on the Internet) on the pfSense outside interface to see if packets are arriving from Fortinet...

        Hope this helps.

          talbotc

          I was able to get this working.
          I had to configure local and remote subnets in the Fortinet phase2 VPN definition.

          Otherwise, it came up instantly.

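The checks discussed in this thread (packets arriving on UDP/500 and UDP/4500, aggressive mode, phase 2 subnets) can be read off the fixed IKEv1 header of captured packets. The following is an added example, not code from either poster or from pfSense: it classifies UDP payloads from a capture on the outside interface and returns a troubleshooting hint. The function names, the hint strings and the sample packets are constructed for illustration, and the hints are heuristics.

```python
import struct

# IKEv1 exchange types (RFC 2408 section 3.1; Quick Mode is defined in RFC 2409).
EXCHANGES = {2: "main", 4: "aggressive", 5: "informational", 32: "quick"}
HDR = struct.Struct("!8s8sBBBBII")  # cookies, next payload, version, exchange, flags, msg id, length

def parse_ike(payload: bytes, port: int):
    """Classify one UDP payload seen on port 500 or 4500; return a dict or None."""
    if port == 4500:                           # NAT-T port (RFC 3948 framing)
        if payload == b"\xff":
            return {"kind": "nat-keepalive"}
        if len(payload) >= 4 and payload[:4] != b"\x00" * 4:
            return {"kind": "esp-in-udp"}      # non-zero SPI: encapsulated ESP data
        payload = payload[4:]                  # strip the 4-byte non-ESP marker
    if len(payload) < HDR.size:
        return None
    _ic, _rc, _np, ver, xchg, flags, msg_id, length = HDR.unpack_from(payload)
    return {"kind": "ike", "version": ver >> 4,
            "exchange": EXCHANGES.get(xchg, f"type-{xchg}"),
            "encrypted": bool(flags & 0x01), "msg_id": msg_id,
            "truncated": length > len(payload)}

def diagnose(packets):
    """packets: iterable of (direction, port, payload); direction is 'out' or 'in'."""
    seen = {"out": set(), "in": set()}
    for direction, port, payload in packets:
        info = parse_ike(payload, port)
        if info and info["kind"] == "ike":
            seen[direction].add(info["exchange"])
    if not seen["in"]:
        return "no IKE from peer: check NAT and UDP/500, UDP/4500 forwarding"
    if "quick" in seen["out"] and "quick" not in seen["in"]:
        return "phase 2 unanswered or rejected: compare local/remote subnets"
    if "quick" in seen["in"]:
        return "phase 2 exchanged"
    return "phase 1 only: compare mode, proposals and pre-shared key"

def make_pkt(xchg, flags=0, msg_id=0, natt=False):
    """Build a constructed, header-only sample packet (no real payloads)."""
    hdr = HDR.pack(b"I" * 8, b"R" * 8, 0, 0x10, xchg, flags, msg_id, HDR.size)
    return (b"\x00" * 4 if natt else b"") + hdr

# Constructed capture: aggressive-mode phase 1 completes, then our Quick Mode
# request is answered only by an encrypted Informational message.
SAMPLE = [("out", 500, make_pkt(4)), ("in", 500, make_pkt(4)),
          ("out", 500, make_pkt(4, 1)), ("out", 500, make_pkt(32, 1, 0xBEEF)),
          ("in", 500, make_pkt(5, 1, 0xCAFE))]

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

Phase 2 messages are encrypted, so the capture shows only that a Quick Mode request went unanswered, not the reason; the IPsec logs on both ends are still needed to confirm a subnet mismatch.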
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.