TAEKBOM_Kim

IPsec VPN between fortigate(v5.6) and CheckPoint(R80.10)

Hi all,

I will configure a site-to-site IPsec VPN between FortiGate (v5.6) and Check Point (R80.10).
I wonder, is it possible?

No.1
=> Has anyone configured an IPsec VPN between FortiGate and Check Point (R80.10)?

No.2
=> Can I get some resources on how to configure an IPsec VPN between FortiGate and Check Point (R80.10)?

Thank you!!

1 Solution

Accepted Solutions

Re: IPsec VPN between fortigate(v5.6) and CheckPoint(R80.10)

Hi,

Should work for most cases...

More:

How to set up a Site-to-Site VPN with a 3rd-party remote gateway 

Daniel

0 Kudos
3 Replies

Re: IPsec VPN between fortigate(v5.6) and CheckPoint(R80.10)

Fortinet boxes are quite picky about what Proxy-IDs/subnets they will accept in an IKE Phase 2 proposal sent by a Check Point.  You will almost certainly need to make the user.def modifications described in Scenario 1 of sk108600: VPN Site-to-Site with 3rd party.  Juniper and Sonicwall devices are similarly picky.

 

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com
0 Kudos

Re: IPsec VPN between fortigate(v5.6) and CheckPoint(R80.10)

VPN between Check Point and FortiGate works fine.

In the past, when configuring VPN between Check Point and Juniper ScreenOS gateways, I just configured Phase 2 using Proxy-ID local net 0.0.0.0/0.0.0.0 remote net 0.0.0.0/0.0.0.0 on the ScreenOS site and set Tunnel management to "One VPN tunnel per Gateway pair" to let the Check Point use the same Proxy-ID. This is not the best choice, but it was the easiest and it worked. Same on FortiGate gateways.

and now to something completely different