You actually only need one rule on the Fortigate. It should be Source Interface (dmz if that is the internal LAN) Source LAN IP -to- Destination Interface (WAN1 or whatever would be your external interface) Destination LAN IP source.
Where it should be permit, make sure that you select IPSEC. Also, on your source address for your phase 2, make sure that that is the INTERNAL IP, not a public IP. It should be the same for your internal

Rick

On Tue, 2008-11-18 at 08:08 +1300, Simon wrote:
> On Mon, Nov 17, 2008 at 5:21 PM, Rick Whittington
> <[EMAIL PROTECTED]> wrote:
>
> > No problem I will see what I can do. I have a FGT 60. Can you send me the
> > logs from the Fortinet when it tries to connect. Besides the phase 1 and 2
> > on the fortinet have you also set up the rules for encryption? I am still
> > learning the Endian FW but I can still help you on the FGT side
>
> Thanks for the reply.. we have had partial success here with both
> Endian and FGT saying that the link is up. Setup on the FGT I have:
>
> Phase 1 and Phase 2 IPSEC setup thus:
> http://www.nzlocal.com/simon/Capture1.JPG
> http://www.nzlocal.com/simon/Capture2.JPG
> A firewall policy for ALL/ALL/Always/ANY from IPSEC to dmz1
> A firewall policy for ALL/ALL/Always/ANY from dmz1 to IPSEC
>
> Then I have the Endian FW setup thus (it's not enabled at the moment):
> http://www.nzlocal.com/simon/Capture3.JPG
> http://www.nzlocal.com/simon/Capture4.JPG
> http://www.nzlocal.com/simon/Capture5.JPG
>
> When it connects, it stays connected, but I can get to the subnet that
> I entered into Quick Mode Selector Source address on the FGT / Endian
> Remote Subnet.
>
> Any further ideas, am I missing something here?
>
> Thanks,
>
> Simon
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
> Build the coolest Linux based applications with Moblin SDK & win great prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> Efw-user mailing list
> Efw-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/efw-user
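
Added example, not part of the original thread: a small Python check for the phase 2 point made in the reply above, that each end's source (local) selector is an internal subnet rather than a public IP. It also checks that the two ends' selectors mirror each other, which goes beyond what the thread states; the subnets and the 203.0.113.10 address are constructed sample values, not the posters' configuration.

```python
import ipaddress

# RFC 1918 ranges, used here as the working definition of an "internal" address.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(cidr):
    """True if the selector lies entirely inside an RFC 1918 range."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.version == 4 and any(net.subnet_of(r) for r in RFC1918)


def check_phase2(side_a, side_b):
    """Return a list of problems found in two peers' phase 2 selectors.

    Each side is a dict with 'name', 'local' and 'remote' CIDR strings
    (hypothetical structure, chosen for this example).
    """
    problems = []
    # The local (source) selector must be the internal subnet, not a public IP.
    for side in (side_a, side_b):
        if not is_internal(side["local"]):
            problems.append(
                f"{side['name']}: local selector {side['local']} is not an internal subnet")
    # Each side's local selector must equal the other side's remote selector.
    for x, y in ((side_a, side_b), (side_b, side_a)):
        x_local = ipaddress.ip_network(x["local"], strict=False)
        y_remote = ipaddress.ip_network(y["remote"], strict=False)
        if x_local != y_remote:
            problems.append(
                f"{x['name']} local {x_local} does not match {y['name']} remote {y_remote}")
    return problems


# Constructed sample values: a FortiGate side with a public source selector,
# the corrected form, and the matching Endian side.
FGT_BAD = {"name": "fgt", "local": "203.0.113.10/32", "remote": "192.168.20.0/24"}
FGT_GOOD = {"name": "fgt", "local": "192.168.10.0/24", "remote": "192.168.20.0/24"}
ENDIAN = {"name": "endian", "local": "192.168.20.0/24", "remote": "192.168.10.0/24"}

if __name__ == "__main__":
    for fgt in (FGT_BAD, FGT_GOOD):
        issues = check_phase2(fgt, ENDIAN)
        print(fgt["local"], "->", issues if issues else "selectors OK")
```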