IPSec Tunnel Scenario for Palo Alto and FortiGate Firewall

You need a public IP address on both the Palo Alto and the FortiGate firewall. In this example, I'm using two random public IP addresses on the Palo Alto and FortiGate firewalls, which are reachable from each other.

Steps to configure IPSec Tunnel in Palo Alto Firewall

First, we will configure the Palo Alto firewall. Follow the steps below to configure Phase 1 and Phase 2 of the IPSec tunnel on Palo Alto.

Creating a Security Zone on Palo Alto Firewall

First, we need to create a separate security zone on the Palo Alto firewall. To configure the security zone, go to Network > Zones > Add. Here, you need to provide the name for the security zone. You can provide any name as per your convenience.

Creating a Tunnel Interface on Palo Alto Firewall

You need to define a separate virtual tunnel interface for the IPSec tunnel. To define the tunnel interface, go to Network > Interfaces > Tunnel. Select the Virtual Router, default in my case. Also, in the Security Zone field, select the security zone defined in Step 1. You do not need to provide an IPv4 or IPv6 address for this interface, though. Also, you can attach a Management Profile in the Advanced tab if you need it.

Defining the IKE Crypto Profile

Now, you need to define Phase 1 of the IPSec tunnel. Go to Network > Network Profiles > IKE Crypto > Add. Here, you need to give a friendly name for the IKE Crypto profile. You can change it as per your requirement.

Defining the IPSec Crypto Profile

Now, you need to define Phase 2 of the IPSec tunnel. Go to Network > Network Profiles > IPSec Crypto > Add. Here, you need to give a friendly name for the IPSec Crypto profile. Select the IPSec protocol as per your requirement. You have the ESP (Encapsulating Security Payload) and AH (Authentication Header) protocols for IPSec. Then, define the DH Group, Encryption and Authentication Method. You can change it as per your requirement.

Now, you need to go to Network > Network Profiles > IKE Gateways > Add.
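A small check you can run on the Phase 1 and Phase 2 values before entering them in the IKE Crypto and IPSec Crypto profiles on both firewalls (added example, not part of the original tutorial). It flags legacy algorithm choices and fields where the two peers share no value, using a simplified model of negotiation; the profile values are constructed and the weak-algorithm list is an assumed baseline.

```python
# Added example. Profile values are constructed; WEAK is an assumed policy baseline.
WEAK = {"encryption": {"des", "3des", "null"},
        "authentication": {"md5", "sha1"},
        "dh_group": {"1", "2", "5"}}

def audit_profile(name, profile):
    """Flag legacy choices in one IKE (Phase 1) or IPSec (Phase 2) crypto profile."""
    findings = []
    if profile.get("protocol") == "ah":
        findings.append(f"{name}: AH authenticates packets but does not encrypt them")
    for field, weak in WEAK.items():
        for value in profile.get(field, []):
            if value.lower() in weak:
                findings.append(f"{name}: weak {field} '{value}'")
    return findings

def mismatched_fields(local, peer):
    """Simplified negotiation model: the peers must share a value in every field."""
    bad = []
    if local.get("protocol") != peer.get("protocol"):
        bad.append("protocol")
    for field in WEAK:
        if field == "encryption" and local.get("protocol") == "ah":
            continue  # AH has no encryption transform to agree on
        if not set(local.get(field, [])) & set(peer.get(field, [])):
            bad.append(field)
    return bad

def review(local, peer):
    """Audit both phases of a site-to-site tunnel definition."""
    report = {}
    for phase in ("phase1", "phase2"):
        findings = audit_profile(f"local {phase}", local[phase])
        findings += audit_profile(f"peer {phase}", peer[phase])
        report[phase] = {"findings": findings,
                         "mismatched": mismatched_fields(local[phase], peer[phase])}
    return report

# Constructed sample profiles for the two firewalls (not values from the page).
GOOD = {"encryption": ["aes-256-cbc"], "authentication": ["sha256"], "dh_group": ["14"]}
PALO_ALTO = {"phase1": dict(GOOD),
             "phase2": dict(GOOD, protocol="esp", encryption=["aes-256-cbc", "3des"])}
FORTIGATE = {"phase1": dict(GOOD, dh_group=["5"]),
             "phase2": dict(GOOD, protocol="esp")}

if __name__ == "__main__":
    for phase, result in review(PALO_ALTO, FORTIGATE).items():
        print(phase, result)
```

An empty `mismatched` list with no `findings` for both phases is the state to aim for before building the tunnel.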