
Priority: 3 (greater than the "Blackhole" default of 0)

Administrative Distance: 12 (greater than the default of 10 for ordinary routes)

Set the first network segment (192.168.1.0)

IPSec Primary Gateway Name or Address: 203.4.5.6

IPSec Keying Mode: IKE using Preshared Secret

The environment on the two sides is as follows:

Sonicwall NSA 4600

Today I got a request to have a FortiGate establish a Site to Site VPN. The model is a FortiGate 80E with firmware version 5.6.4. When I heard it was a newly purchased firewall, I had an "anything but reassuring" feeling, and once I connected to it, sure enough, the options had changed again, and this time even the interface had changed a lot. When I actually started setting up the VPN, I discovered that there no longer seems to be a distinction between "Tunnel" and "Interface". I first tried the previous "Tunnel" way of setting it up, but the VPN was not established successfully. I then changed to the "Interface" setup, but got a strange result: the Site to Site VPN was successfully established on both sides, and the Sonicwall end could ping the FortiGate end's segment, but the reverse direction timed out. I checked the policy order and the routing settings and found no problem, and redoing everything once more gave the same result, which gave me a headache.

I then went to consult the official documentation, but for the current 5.6 firmware version the official material appears to provide only a tutorial for setting up a Site to Site VPN between FortiGate products using wizard mode. However, I noticed that on completing the final step of the wizard, the wizard screen shows which items it configured, and among them an item called "Blackhole Route" caught my attention, because a Site to Site VPN setup normally only sets a "static route"; this was actually the first time I had seen a "Blackhole Route". I then went to "Static Routes" to take a look, and in the Interface drop-down menu there really is a "Blackhole" option. I tried adding a route and assigning it to this "Blackhole" interface. After setting it, the Sonicwall, which had still been able to ping the FortiGate network segment, could no longer ping it either. I then disabled the route I had just added, and the magic happened right away: the networks on both the Sonicwall and FortiGate sides could ping each other. But after I disconnected and reconnected the VPN, the FortiGate was again unable to ping the Sonicwall network segment, while the Sonicwall could still ping the FortiGate network segment.

Then I did the same thing again: I enabled the "Blackhole" route and then disabled it, and the segments on both sides could communicate. After testing several times to confirm that the result was the same, I began to study the "Blackhole" route settings. Among the parameters of a route, "Priority" and "Distance" are two values that affect the order. In the end I found that as long as the "Blackhole" route's "Priority" value is less than the VPN route's "Priority", and its "Distance" value is greater than the VPN route's "Distance", the networks on both sides connect normally, and even after restarting the VPN connection they can still ping each other normally.

I then went to check the official documentation on "Blackhole", and only found that in previous firmware versions this "Blackhole" route could be set through commands. I still do not know why this solves the problem of the FortiGate network segment being unable to ping the Sonicwall network. For now I am sharing this successful setup first; if there is further follow-up information, I will update this post again. If any readers know why, you are also welcome to leave a message in the discussion below. Thanks.
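The route pair this post arrives at, written as FortiOS CLI static routes (an added example, not the author's own configuration): the VPN route uses the Priority 3 and Distance 12 listed in the post, and the "Blackhole" route keeps the default Priority 0 with a larger Distance. The tunnel interface name `to-sonicwall`, the destination 10.20.30.0/24 and the Distance value 254 are placeholders assumed for illustration.

```fortios
# Constructed example. Replace the placeholder names and addresses with your own.
config router static
    # Route to the remote (Sonicwall-side) network through the IPsec interface.
    edit 0
        set dst 10.20.30.0 255.255.255.0
        set device "to-sonicwall"
        # Values from the post: above the ordinary default of 10 ...
        set distance 12
        # ... and above the Blackhole route's default priority of 0.
        set priority 3
    next
    # Blackhole route for the same destination.
    edit 0
        set dst 10.20.30.0 255.255.255.0
        set blackhole enable
        # Must be greater than the VPN route's distance (12); 254 is an assumed value.
        set distance 254
        # Priority is left at its default of 0, below the VPN route's 3.
    next
end

# Check which route is active, and which routes are held in reserve.
get router info routing-table all
get router info routing-table database
```

With the tunnel up, the lower-distance VPN route is the one shown as active in the routing table, and the Blackhole route appears only in the routing database until the tunnel interface goes down.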
