BlueGrass
Contributor

What are the exact VPN behaviours on Security Gateway if we are using Main and aggressive mode?

Hi all,

I am trying to build a VPN with a FortiGate these days, and I found something interesting.

I just configured the FortiGate as a third-party device on the SMS,
put the FortiGate and my Check Point gateway in the same Star Community,
defined both sides' firewall Phase 2 local and remote networks and confirmed they are the same but reversed,
used the same encryption method for both firewalls,
and set them up in Main mode.

The VPN is then up, but traffic is not working as expected.
No traffic can be found on the FortiGate side.

The debug on the FortiGate finds that the Check Point comes with TWO proxy IDs:

The first one: both local and remote networks
The second one: the Check Point WAN IP and the FortiGate WAN IP for the VPN buildup

Even if I add one more Phase 2 on the FortiGate trying to match the one the Check Point announced, no luck.

Then I tried changing to aggressive mode for both sites.
This time only one proxy ID comes from the Check Point during the FortiGate debug:

The only ID: 0.0.0.0/0 for both local and remote

So I followed it and changed the FortiGate-side VPN Phase 2 proxy ID to a single one, 0.0.0.0/0 as well.

Traffic is now good and able to pass through the VPN.

I just wonder why!?

0 Kudos
1 Reply
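Since the question hinges on which Phase 2 proxy IDs two peers will agree on, here is an added Python example (mine, not the poster's and not Check Point or Fortinet code) that models the selector matching with constructed addresses from the RFC 5737 and RFC 1918 ranges. It assumes the strict IKEv1 rule that a quick-mode selector pair is only usable when it is an exact mirror of the peer's pair (some implementations also accept a narrower proposal that fits inside a wider configured selector), and it does not try to explain why the Check Point proposes what it proposes. What it shows is the selector arithmetic behind the two debug outputs in the post, and the consequence of the 0.0.0.0/0 fix: once both ends use a universal selector, the SA admits any source and destination, so the firewall policy on each gateway, not the tunnel definition, is the only thing deciding what may cross.

```python
"""IKEv1 Phase 2 (quick mode) proxy-ID matching, with constructed values.

Two peers only bring up a child SA for a selector pair when the pairs are
mirror images: my local must equal the peer's remote and my remote must
equal the peer's local.  A 0.0.0.0/0 <-> 0.0.0.0/0 pair matches every flow.
"""
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class ProxyId:
    """One Phase 2 selector pair, written from the owning gateway's point of view."""
    local: ipaddress.IPv4Network
    remote: ipaddress.IPv4Network


def proxy_id(local: str, remote: str) -> ProxyId:
    return ProxyId(ipaddress.ip_network(local), ipaddress.ip_network(remote))


def mirrored(mine: ProxyId, peer: ProxyId) -> bool:
    # Strict rule (assumption): exact mirror, no subset matching.
    return mine.local == peer.remote and mine.remote == peer.local


def negotiable(mine: list[ProxyId], peer_offered: list[ProxyId]) -> list[tuple[ProxyId, ProxyId]]:
    """Selector pairs that would yield a child SA between the two peers."""
    return [(m, p) for m in mine for p in peer_offered if mirrored(m, p)]


def unmatched_offers(mine: list[ProxyId], peer_offered: list[ProxyId]) -> list[ProxyId]:
    """Peer proposals that nothing on our side mirrors (what a debug shows as rejected)."""
    return [p for p in peer_offered if not any(mirrored(m, p) for m in mine)]


def carried_by(selectors: list[ProxyId], src: str, dst: str) -> list[ProxyId]:
    """Our selectors that would carry a src -> dst packet into the tunnel."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return [sel for sel in selectors if s in sel.local and d in sel.remote]


def universal(selectors: list[ProxyId]) -> list[ProxyId]:
    """Selectors that admit any flow; these leave all filtering to firewall policy."""
    return [sel for sel in selectors if sel.local == ANY and sel.remote == ANY]


def flows_admitted(selectors: list[ProxyId], flows: list[tuple[str, str]]) -> dict:
    """Map each (src, dst) to True if some selector would carry it."""
    return {flow: bool(carried_by(selectors, *flow)) for flow in flows}


# Constructed addresses, not taken from the post.
CP_LAN, FG_LAN = "10.1.0.0/24", "10.2.0.0/24"
CP_WAN, FG_WAN = "203.0.113.1/32", "198.51.100.1/32"

# Main mode as the poster's debug described it: the Check Point proposes the
# LAN pair plus a gateway-to-gateway pair (local first, Check Point's view).
CHECKPOINT_MAIN = [proxy_id(CP_LAN, FG_LAN), proxy_id(CP_WAN, FG_WAN)]
# The FortiGate's single Phase 2, written from the FortiGate's view.
FORTIGATE_MAIN = [proxy_id(FG_LAN, CP_LAN)]

# Aggressive mode as observed: one 0.0.0.0/0 <-> 0.0.0.0/0 pair on both ends.
CHECKPOINT_AGGR = [proxy_id("0.0.0.0/0", "0.0.0.0/0")]
FORTIGATE_AGGR = [proxy_id("0.0.0.0/0", "0.0.0.0/0")]


def main_mode_report() -> dict:
    return {
        "sas": negotiable(FORTIGATE_MAIN, CHECKPOINT_MAIN),
        "unmatched": unmatched_offers(FORTIGATE_MAIN, CHECKPOINT_MAIN),
        # Adding a mirrored WAN pair on the FortiGate leaves nothing unmatched.
        "unmatched_after_wan_pair": unmatched_offers(
            FORTIGATE_MAIN + [proxy_id(FG_WAN, CP_WAN)], CHECKPOINT_MAIN),
    }


if __name__ == "__main__":
    lan_flow = ("10.2.0.10", "10.1.0.20")        # inside both encryption domains
    stray_flow = ("192.168.50.5", "172.16.0.9")  # outside both
    print("main mode:", main_mode_report())
    print("main mode admits:", flows_admitted(FORTIGATE_MAIN, [lan_flow, stray_flow]))
    print("aggressive admits:", flows_admitted(FORTIGATE_AGGR, [lan_flow, stray_flow]))
    print("universal selectors in use:", universal(FORTIGATE_AGGR))
```

The practical check this suggests for the aggressive-mode setup in the post: because `universal()` reports the 0.0.0.0/0 pair, the tunnel itself no longer restricts anything, so the interface or VPN policy rules on both the FortiGate and the Check Point gateway should explicitly list the subnets allowed to cross, exactly as the Phase 2 definitions did before.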