Back
Site-to-Site VPN Between FortiGate and SonicWall using DDNS

Site-to-Site VPN Between FortiGate and SonicWall using DDNS

Site to Site VPN is connection between two or more networks used widely by enterprises to leverage Internet connection between private traffic in lieu of using private MPLS circuits. Site to site VPNs used by enterprises offices dispersed across geo locations which need to access and use corporate networks. 

In today’s topic we will learn about configuring site to site VPN between Fortigate and SonicWall using dynamic DNS as a peer. Site to site VPN use to provide uninterrupted and secure communication. 

Related: Introduction to Sonicwall Firewall

Establish: Site-to-site VPN between FortiGate and SonicWall with Dynamic DNS 

Let’s look at the prerequisites before we start the configuration steps.

  • Admin access to both FortiGate and SonicWall firewall interfaces
  • FortiGate version 6.x or beyond
  • SonicWall version 6.x or beyond 
  • Networking and firewall basic configuration 
  • Active dynamic DNS account for both devices

Step 1: Configure FortiGate DDNS and FortiGate

  1. Goto network 🡪 DNS 
  2. Enable FortiGuard DDNS
  3. Choose the interface having dynamic connection
  4. Choose server having an account
  5. Enter unique location
  6. Click Apply

To configure DDNS using CLI 

config system ddns

    edit 1

        set ddns-server FortiGuardDDNS

        set ddns-domain “branch.float-zone.com”

        set monitor-interface “wan1”

    next

end

Goto VPN🡪 IPSec tunnels. Create a new tunnel and for the remote gateway select ‘Dynamic DNS’ and provide SonicWall remote DDNS name and choose the external interface (WAN) which is required to communicate to SonicWall.

Select ‘Aggressive Mode’ and under ‘Peer options’ 🡪 Accept types, select ‘Specific peer ID’ and in ‘Peer ID’ field provide SonicWall remote DDNS name. 

In ‘Phase 1 (P1) proposal, ensure all proposals selections are corresponding to proposals of SonicWall. The local ID field provides the FortiGate Dynamic DNS name. 

Configure ‘Local address’ and ‘Remote address’ to mention traffic of interest between local and remote sites and selected networks ensured to match as defined in SonicWall interface. 

In Phase 2 (P2) proposals selections are corresponding to proposals in SonicWall. Enable Auto-negotiate to ensure proper functioning. 

Step 2: Configure SonicWall DDNS and SonicWall

  1. Login into SonicWall management interface 
  2. Choose Network in navigation menu
  3. Choose DNS 🡪 Dynamic DNS 
  4. Click on ‘Add’ 
  5. ‘Add DNS profile is displayed’ 
  6. Click Ok 
  7. Check if profile is ‘Enabled’ and status shown as On-line and correct IP is reflecting 

Once DNS is working fine, then setup the DDNS to allocate a domain name to SonicWall external interface (WAN) which will act as a peer to FortiGate device. 

  1. To setup VPN goto Wizard section and choose “VPN Guide’ 
  2. Select site-to-site VPN option
  3. Fill the form by choosing the name for ‘Policy name’. Activate ‘I know my remote peer address or FQDN option and provide FortiGate Dynamic DNS name in ‘Remote Peer IP address’ or FQDN. Choose ‘Next’. 
  4. In ‘Network selection’ tab choose ‘local’ and ‘destination network’
  5. In the ‘destination’ network (If not set up yet), create by selecting the ‘create new address object’ option from the drop down menu.
  6. Provide ‘Name’, select ‘Appropriate zone assignment’ and ‘type’ and provide destination network and mask and save. 
  7. After selecting desired local and destination network click next 
  8. Select appropriate proposals and ensure they are matching FortiGate configuration 
  9. Click Apply 
  10. Under VPN section choose ‘Rules and settings’ and edit the tunnel
  11. Modify both local and peer IKE IDEs from IPv4 address to domain name
  12. Enter the SonicWall Dynamic DNS name for ‘local IKE ID’ and FortiGate Dynamic DNS name for ‘Peer IKE ID’.
  13. Review all configurations 
  14. Select appropriate ‘Local network’ and ‘destination network’ to mention traffic of interest between local and remote sites 
  15. Selected networks need to match as defined in FortiGate

To verify and test go to FortiGate:

monitor 🡪 IPSec Monitor

VPN shall appear as active

Continue Reading:

IPSec VPN Configuration: Fortigate Firewall

Site to Site VPN Configuration on FTD

Tag:,

Rashmi Bhardwaj

I am here to share my knowledge and experience in the field of networking with the goal being - "The more you share, the more you learn."

I am a biotechnologist by qualification and a Network Enthusiast by interest. I developed interest in networking being in the company of a passionate Network Professional, my husband.

I am a strong believer of the fact that "learning is a constant process of discovering yourself."
- Rashmi Bhardwaj (Author/Editor)

You may also like

Simplifying Power over Ethernet PoE Installation
Simplifying Power over Ethernet PoE Installation
19 November, 2024
Cloudflare – What is it
What is Cloudflare? Working, Uses, Pros & Cons
14 November, 2024
Configure DHCP Relay Traffic to Use SD-WAN Rules
Configure DHCP Relay Traffic to Use SD-WAN Rules
12 November, 2024

Leave A Reply

Your email address will not be published. Required fields are marked *

18 − three =

Select your currency
USD United States (US) dollar
INR Indian rupee