Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.
Hello there.
I have doing some labs and until now I have achieved to make a Sophos-Sophos and Forti-Forti Ipsec tunnel. However I am trying to make a Sophos XG-Fortigate IPSEC tunnel but my tunnel does not wake up.
I have followed this guide and configure my tunnel according to it.
Can you help me to fix this?
please show this unfolded:
hello, we have this
We have also tried to make a new IKEV2 profile using only these numbers
but its not working also.
On XG, check /log/charon.log (from CLI), if you see only below log if the IPsec tunnel is set to Initiator, most likely some configs need to be checked on Fortigate; even with single config missing on Fortigate, it will not respond to the packet from XG.
sending packet: from <ip address of XG>[500] to <ip address of Fortigate>[500]
On Fortigate, Your policy config(these are the packet forwarding rules) should look like below:
Policy & Objects: IPv4 policy:
Incoming interface: LAN port of Fortigate where 192.168.100.0/24 is configured.
Outgoing interface: WAN port of Fortigate talking to XG
Action: this should have IPSec option, once IPsec is chosen, you will be prompted to enter the tunnel name - chose the tunnel name; also turn ON 'Allow traffic to be initiated from remote side' option (this will serve as packet filtering policy from WAN to LAN side on Fortigate)
To have IPsec option in the Action, Enable this on Fortigate: From System : Feature Select : Additional Features : Policy-based IPsec VPN
