Configuring an IPSec tunnel between a Palo Alto firewall and a FortiGate firewall involves several steps. Here is an overview of the steps involved:
- Configure the Phase 1 settings on both firewalls.
- Configure the Phase 2 settings on both firewalls.
- Create policies to allow traffic to pass through the tunnel.
- Configure the firewall security settings to allow IPSec traffic.
- Configure the Phase 1 settings on both firewalls:
  - On the Palo Alto firewall:
    - Go to Network > IPSec Tunnels and click Add.
    - Enter a name for the tunnel and select the Virtual Router to use.
    - Select IKEv1 or IKEv2 as the protocol.
    - Enter the IP address of the FortiGate firewall in the Peer IP field.
    - Enter the shared secret for Phase 1 authentication in the Pre-Shared Key field.
    - Select the desired DH group and encryption algorithm for Phase 1.
    - Select the desired authentication method for Phase 1 (either pre-shared key or certificate-based).
    - Click OK to save the settings.
  - On the FortiGate firewall:
    - Go to VPN > IPSec Tunnels and click Create New.
    - Enter a name for the tunnel and select the Remote Gateway.
    - Select IKEv1 or IKEv2 as the protocol.
    - Enter the IP address of the Palo Alto firewall in the IP Address field.
    - Enter the shared secret for Phase 1 authentication in the Pre-Shared Key field.
    - Select the desired DH group and encryption algorithm for Phase 1.
    - Select the desired authentication method for Phase 1 (either pre-shared key or certificate-based).
    - Click OK to save the settings.
- Configure the Phase 2 settings on both firewalls:
  - On the Palo Alto firewall:
    - Go to the IPSec tunnel configuration and click Add under Phase 2.
    - Enter a name for the Phase 2 configuration.
    - Select the local and remote subnets.
    - Select the desired encryption algorithm and DH group for Phase 2.
    - Click OK to save the settings.
  - On the FortiGate firewall:
    - Go to the IPSec tunnel configuration and click the Edit icon for Phase 2.
    - Enter a name for the Phase 2 configuration.
    - Select the local and remote subnets.
    - Select the desired encryption algorithm and DH group for Phase 2.
    - Click OK to save the settings.
- Create policies to allow traffic to pass through the tunnel:
  - On the Palo Alto firewall:
    - Go to Policies > Security and click Add.
    - Configure the policy to allow traffic from the local subnet to the remote subnet over the IPSec tunnel.
    - Click OK to save the policy.
  - On the FortiGate firewall:
    - Go to Policy & Objects > IPv4 Policy and click Create New.
    - Configure the policy to allow traffic from the local subnet to the remote subnet over the IPSec tunnel.
    - Click OK to save the policy.
- Configure the firewall security settings to allow IPSec traffic:
  - On the Palo Alto firewall:
    - Go to Device > Setup > Session and enable the IPSec option.
    - Click OK to save the settings.
  - On the FortiGate firewall:
    - Go to System > Feature Visibility and enable the IPSec VPN option.
    - Click Apply to save the settings.
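The Phase 1 and Phase 2 values chosen above must be identical on both firewalls, and each side's local subnet must be the other side's remote subnet, otherwise negotiation fails. The following pre-deployment check is an added example, not part of the original article; the dictionary keys, addresses and key value are constructed placeholders.

```python
import ipaddress

# Constructed planning values for each end (hypothetical, not from the page).
PALO_ALTO = {
    "own_ip": "198.51.100.1", "peer_ip": "203.0.113.2",
    "ike_version": "IKEv2", "psk": "constructed-example-psk",
    "p1_dh_group": 14, "p1_encryption": "aes-256",
    "p2_dh_group": 14, "p2_encryption": "aes-256",
    "local_subnet": "10.1.0.0/24", "remote_subnet": "10.2.0.0/24",
}
# The FortiGate plan carries two deliberate errors: Phase 2 DH group and remote subnet.
FORTIGATE = dict(PALO_ALTO, own_ip="203.0.113.2", peer_ip="198.51.100.1",
                 p2_dh_group=5, local_subnet="10.2.0.0/24",
                 remote_subnet="10.1.0.0/16")

MUST_MATCH = ("ike_version", "psk", "p1_dh_group", "p1_encryption",
              "p2_dh_group", "p2_encryption")
WEAK_DH_GROUPS = {1, 2, 5}  # 768/1024/1536-bit MODP groups

def check_tunnel(pa, fg):
    """Compare both ends' planned settings; return a list of findings."""
    findings = []
    for key in MUST_MATCH:
        if pa[key] != fg[key]:
            # Never echo the pre-shared key into output or logs.
            detail = "values differ" if key == "psk" else f"{pa[key]} vs {fg[key]}"
            findings.append(f"{key} mismatch: {detail}")
    for name, side, other in (("Palo Alto", pa, fg), ("FortiGate", fg, pa)):
        # Each side's peer address must be the other side's own address.
        if ipaddress.ip_address(side["peer_ip"]) != ipaddress.ip_address(other["own_ip"]):
            findings.append(f"{name} peer_ip does not point at the other firewall")
        # Local/remote subnets must mirror each other across the tunnel.
        if ipaddress.ip_network(side["local_subnet"]) != ipaddress.ip_network(other["remote_subnet"]):
            findings.append(f"{name} local_subnet is not the other side's remote_subnet")
        for phase in ("p1_dh_group", "p2_dh_group"):
            if side[phase] in WEAK_DH_GROUPS:
                findings.append(f"{name} {phase} uses weak DH group {side[phase]}")
    return findings

if __name__ == "__main__":
    for finding in check_tunnel(PALO_ALTO, FORTIGATE):
        print(finding)
```

An empty result means the two plans agree; any finding should be resolved before entering the values on either firewall.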