Configuring an IPSec tunnel between a Palo Alto firewall and a FortiGate firewall involves four steps. In outline:
  1. Configure the Phase 1 settings on both firewalls.
  2. Configure the Phase 2 settings on both firewalls.
  3. Create policies to allow traffic to pass through the tunnel.
  4. Configure the firewall security settings to allow IPSec traffic.
Here are the detailed steps to configure an IPSec tunnel between a Palo Alto and FortiGate firewall:
  1. Configure the Phase 1 settings on both firewalls:
On the Palo Alto firewall:
  • Go to Network > IPSec Tunnels and click Add.
  • Enter a name for the tunnel and select the Virtual Router to use.
  • Select IKEv1 or IKEv2 as the protocol.
  • Enter the IP address of the FortiGate firewall in the Peer IP field.
  • Enter the shared secret for Phase 1 authentication in the Pre-Shared Key field.
  • Select the desired DH group and encryption algorithm for Phase 1.
  • Select the desired authentication method for Phase 1 (either pre-shared key or certificate-based).
  • Click OK to save the settings.
On the FortiGate firewall:
  • Go to VPN > IPSec Tunnels and click Create New.
  • Enter a name for the tunnel and select the Remote Gateway.
  • Select IKEv1 or IKEv2 as the protocol.
  • Enter the IP address of the Palo Alto firewall in the IP Address field.
  • Enter the shared secret for Phase 1 authentication in the Pre-Shared Key field.
  • Select the desired DH group and encryption algorithm for Phase 1.
  • Select the desired authentication method for Phase 1 (either pre-shared key or certificate-based).
  • Click OK to save the settings.
  2. Configure the Phase 2 settings on both firewalls:
On the Palo Alto firewall:
  • Go to the IPSec tunnel configuration and click Add under Phase 2.
  • Enter a name for the Phase 2 configuration.
  • Select the local and remote subnets.
  • Select the desired encryption algorithm and DH group for Phase 2.
  • Click OK to save the settings.
On the FortiGate firewall:
  • Go to the IPSec tunnel configuration and click the Edit icon for Phase 2.
  • Enter a name for the Phase 2 configuration.
  • Select the local and remote subnets.
  • Select the desired encryption algorithm and DH group for Phase 2.
  • Click OK to save the settings.
  3. Create policies to allow traffic to pass through the tunnel:
On the Palo Alto firewall:
  • Go to Policies > Security and click Add.
  • Configure the policy to allow traffic from the local subnet to the remote subnet over the IPSec tunnel.
  • Click OK to save the policy.
On the FortiGate firewall:
  • Go to Policy & Objects > IPv4 Policy and click Create New.
  • Configure the policy to allow traffic from the local subnet to the remote subnet over the IPSec tunnel.
  • Click OK to save the policy.
  4. Configure the firewall security settings to allow IPSec traffic:
On the Palo Alto firewall:
  • Go to Device > Setup > Session and enable the IPSec option.
  • Click OK to save the settings.
On the FortiGate firewall:
  • Go to System > Feature Visibility and enable the IPSec VPN option.
  • Click Apply to save the settings.
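As an added example (not taken from the original article), the FortiGate half of the procedure above expressed as FortiOS CLI, so the Phase 1, Phase 2, route and policy objects can be seen together. All values are constructed assumptions: wan1 is the FortiGate uplink, "internal" its LAN interface, 203.0.113.1 the Palo Alto peer, 10.1.0.0/16 the subnet behind the FortiGate, 10.2.0.0/16 the subnet behind the Palo Alto, and the object names, route and policy IDs and pre-shared key are placeholders. The Palo Alto side is not shown; it must be configured with the same IKE version, proposals, DH group, lifetimes, mirrored proxy IDs and pre-shared key, since any mismatch leaves that phase down.

```fortios
# Added example: FortiGate side of a site-to-site tunnel to a Palo Alto peer.
# Constructed values: wan1 = uplink, internal = LAN, 203.0.113.1 = Palo Alto,
# 10.1.0.0/16 = LAN behind this FortiGate, 10.2.0.0/16 = LAN behind the Palo Alto.
# Every crypto parameter and the pre-shared key must be mirrored on the Palo Alto.

# --- Phase 1 (IKE SA) ---
config vpn ipsec phase1-interface
    edit "to-paloalto"
        set interface "wan1"
        # IKEv2; both peers must run the same version
        set ike-version 2
        set peertype any
        set remote-gw 203.0.113.1
        # AES-256 + SHA-256 for the IKE SA, DH group 14 (2048-bit MODP)
        set proposal aes256-sha256
        set dhgrp 14
        # 8-hour IKE lifetime; set the same value in the Palo Alto IKE crypto profile
        set keylife 28800
        # Dead peer detection so a failed peer is re-keyed instead of blackholed
        set dpd on-idle
        # Placeholder only: use a long random secret, never a dictionary word
        set psksecret "REPLACE-WITH-LONG-RANDOM-PSK"
    next
end

# --- Phase 2 (IPsec SA and traffic selectors) ---
config vpn ipsec phase2-interface
    edit "to-paloalto-p2"
        set phase1name "to-paloalto"
        set proposal aes256-sha256
        # PFS with group 14; match the Palo Alto IPSec crypto profile
        set pfs enable
        set dhgrp 14
        set keylifeseconds 3600
        # Bring the SA up at once rather than waiting for interesting traffic
        set auto-negotiate enable
        # Palo Alto proxy IDs must be the mirror image of these selectors
        set src-subnet 10.1.0.0 255.255.0.0
        set dst-subnet 10.2.0.0 255.255.0.0
    next
end

# --- Address objects referenced by the policies ---
config firewall address
    edit "lan-local"
        set subnet 10.1.0.0 255.255.0.0
    next
    edit "lan-paloalto"
        set subnet 10.2.0.0 255.255.0.0
    next
end

# --- Route the remote subnet into the tunnel interface ---
config router static
    # constructed ID; pick one that is free on the unit
    edit 10
        set dst 10.2.0.0 255.255.0.0
        set device "to-paloalto"
    next
end

# --- Policies: one per direction in which sessions are initiated ---
config firewall policy
    # constructed IDs; pick ones that are free on the unit
    edit 100
        set name "lan-to-paloalto"
        set srcintf "internal"
        set dstintf "to-paloalto"
        set srcaddr "lan-local"
        set dstaddr "lan-paloalto"
        set action accept
        set schedule "always"
        # "ALL" for the example; narrow this to the services actually required
        set service "ALL"
        set logtraffic all
    next
    edit 101
        set name "paloalto-to-lan"
        set srcintf "to-paloalto"
        set dstintf "internal"
        set srcaddr "lan-paloalto"
        set dstaddr "lan-local"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end

# --- Verify once the Palo Alto side has been committed ---
# diagnose vpn ike gateway list    (Phase 1 state for "to-paloalto")
# diagnose vpn tunnel list         (Phase 2 SAs and their selectors)
```

Two policies are shown because a FortiGate policy governs the direction in which a session is opened: replies are matched by state, but sessions initiated from the Palo Alto side need the tunnel-to-LAN policy. On the Palo Alto, `show vpn ike-sa` and `show vpn ipsec-sa` in the operational CLI show the same two phases, which is the quickest way to tell which side's proposal or key disagrees when a phase does not come up.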
Once these steps are completed, the IPSec tunnel should be up and running between the Palo Alto and FortiGate firewalls. Confirm on each firewall's IPSec tunnel status page that both Phase 1 and Phase 2 are established; when one phase fails, the usual cause is a proposal (encryption, hash, DH group or lifetime) or pre-shared key that does not match on both sides.

Author: Nickajay