Just go to Network > Virtual Routers > Default > Static Routes > Add. Now, you need to provide a static route for Peer end Private Network. You need to Go Policies > Security > Add to define a new Policy.Ĭonfiguring Route for Peer end Private Network Now, you need to create a security profile that allows the traffic from VPN Zone to Trust Zone. In this scenario, I’m using 192.168.1.0/24 and 192.168.2.0/24 in LAN Networks.Ĭreating the Security Policy for IPSec Tunnel Traffic Go to the Proxy IDs Tab, and define Local and Remote Networks. Select the profiles for IKE Gateway and IPSec Crypto Profile, which defined in Step 3 and Step 5 respectively. Next, select the tunnel interface, which defined in Step 2. Define the user-friendly name for IPSec Tunnel. We have defined IKE Gateway and IPSec Crypto profile for our IPSec Tunnel. Define the Local and Peer IP address in the Local Identification and Peer Identification field.Ĭlick on Advanced Option, In IKEv1, select IKE Crypto Profile, which defines in Step 3. Define the Pre Shared key next and note down the key because you need it to define in FortiGate Firewall. In this scenario, I’m using the Pre-shared Key. Define the peer address, in my case 12.1.1.2. In Interface filed, you need to define your Internet-facing Interface, In my case, ethernet 1/1, which has 11.1.1.2 IP Address. In General Tab, You need to define the name of the IKE Gateway Profile. Now, you need to go Network > Network Profiles > IKE Gateways > Add. You can change it as per your requirement. Then, define the DH Group, Encryption and Authentication Method.
You have ESP (Encapsulation Security Protocol) and AH (Authentication Heade) protocol for IPSec. Select the IPsec Protocol as per your requirement. Here, you need to give a friendly name for the IPSec Crypto profile. You need to go Network > Network Profiles > IPSec Crypto > Add. Now, you need to define Phase 2 of the IPSec Tunnel. In this example, I’m going two random public IP addresses on both Palo Alto and FortiGate Firewall, which are reachable from each other.ĭefining the IPSec Crypto Profile You must need Public IP between Palo Alto and FortiGate Firewall. IPSec Tunnel Scenario for Palo Alto and FortiGate Firewall
Configuring Route for Peer end Private Network.Creating the Security Policy for IPSec Tunnel Traffic.Creating a Tunnel Interface on Palo Alto Firewall.Creating a Security Zone on Palo Alto Firewall.Steps to configure IPSec Tunnel in Palo Alto Firewall.IPSec Tunnel Scenario for Palo Alto and FortiGate Firewall.