Hi all,
I am trying to build up a VPN with Fortigate these days.
And found something interesting.
I just configured the Fortigate as a third-party device on the SMS,
put the Fortigate and my CheckPoint gateway in the same Star Community,
defined both sites' firewall Phase 2 local and remote networks and confirmed they are the same but reversed,
used the same encryption method for both firewalls,
and set them up in Main mode.
VPN is then up, but traffic is not working as expected.
No traffic can be found on Fortigate side.
The debug on the Fortigate shows that
the CheckPoint comes with TWO proxy IDs:
The first one: both local and remote networks
The second one: the CheckPoint WAN IP and Fortigate WAN IP for the VPN buildup
Even if I add one more Phase 2 on the Fortigate trying to match the one the CheckPoint announced, no luck.
Then I tried changing to aggressive mode for both sites.
This time only one proxy ID comes from the CheckPoint in the Fortigate debug:
The only ID: 0.0.0.0/0 for both local and remote
So I followed it and changed the Fortigate site VPN Phase 2 proxy ID to a single one, 0.0.0.0/0, as well.
Traffic is now good and able to pass through the VPN.
I just wonder why!?