Site-to-Site VPN between OpenSense and Fortigate

[Member1]

Hi,
I want to create a Site-to-Site VPN IPsec between Opensense and ForiGate. Therefore, i have some questions:
 - Is it possible to create S2S between Opensense and FGATE?
 - If yes, how can i block the communication that are come from the Fgate?, my goal is to allow the lan subnet on opensense (192.168.1.0/24) to communicating with lan-subnet on Fgate  (10.10.1.0/24), but not vice versa.


Regards

[Monviech (Cedrik)]

IPsec is a protocol that is not vendor specific. As long as the devices adhere to the IPsec standard, a tunnel can be established.
- An IPsec tunnel between an OPNsense (which uses Strongswan as IPsec implementation) and FortiGate (which use their own closed source IPsec implementation) is possible, as long as both sides use the same settings.
- Communication into the LAN Subnet of the OPNsense can be blocked with filter rules (Firewall rules). Creating an IPsec tunnel creates a virtual interface group called "IPsec" on which filter rules can be defined in the GUI. As long as no pass rules are set, all incoming traffic is denied.
- Communication from the LAN Subnet to the Fortigate Subnet can be allowed by setting pass filter rules with the destination to the Fortigate Subnet on the "LAN" firewall rules.