RiccardoProti
New Contributor

Fortigate90D to Check Point NGX R75 IPSEC

Hi, 

I have a problem creating a VPN tunnel between Fortigate90D and Check Point NGX R75 IPSEC.

The parameters on the two firewalls are the same, but it goes wrong.

I attach a screenshot. The log does not say much about the error, so I do not have much information to provide you.

Thanks a lot to everyone

 

Toshi_Esumi
SuperUser

You can run the "IKE" application debug described below to see what Phase1 parameters the FGT is receiving and what it's seeing as a problem. We always set a filter like "diag vpn ike log-filter dst-addr4 x.x.x.x", even when only one IPsec is configured, to avoid "noise" from random hacking attempts in the debug output.

https://cookbook.fortinet.com/ipsec-vpn-troubleshooting/

 

RiccardoProti

Is it possible to have more detailed logs of VPN negotiation errors?

The logs provided by the Fortigate are very few and not very detailed.

Is it possible to use software or the shell to get more details?

Thanks

journeyman

Yes. See the link that Toshi provided above. Alternatively, see this Fortinet video, which steps through solving common tunnel faults.

Within the CLI, use the following commands to collect logs; often you can find the problem.

# diagnose debug disable
# di de reset
# di vpn ike log-filter dst-addr4 x.x.x.x <---- remote gateway IP address
# di de application ike -1
# di de enable
# di de di
