We had to set one of these up today and it was a bit odd.
The easiest way is to say what settings worked :-)
Stick with SHA and 3DES. Group 2 for DH; supposedly 14 will work, but it didn't for us.
Use proxies; this was our final stumbling block. ISA wanted proxies in phase 2, or it came up with INVALID-ID-INFORMATION in the Fortigate debugs.
Otherwise it's defaults for times, DPD etc.
ISA summarises multiple networks rather than creating a second phase 2. Dumb...
i.e. we had 10.0.1.0/24 at the remote site and 10.0.2.0/24 at the head office end. They want to add 10.0.3.0/24, so, going by the debugs (you can't set this or see it in ISA by the looks of it), the HO end proxy goes from 10.0.2.0/24 to 10.0.0.0/16. So what happens when you add a second network to the remote office end?
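An added example, not part of the original post: a small Python check, using the addresses above, that compares the proxy ISA proposed with the networks actually configured and flags any overlap with the other end's range. The function names are made up for illustration.

```python
import ipaddress

def covering_supernet(networks):
    """Smallest single prefix that contains every network in the list."""
    nets = [ipaddress.ip_network(n) for n in networks]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate

def audit_proxy(proposed, ho_nets, remote_site_nets):
    """Compare the proposed HO-end phase 2 proxy with the configured networks."""
    proposed = ipaddress.ip_network(proposed)
    ho = [ipaddress.ip_network(n) for n in ho_nets]
    remote = [ipaddress.ip_network(n) for n in remote_site_nets]
    return {
        # Does the proxy contain every head office network?
        "covers_ho": all(n.subnet_of(proposed) for n in ho),
        # Tightest single prefix that would still cover them
        "tightest": str(covering_supernet(ho_nets)),
        # Addresses inside the proxy that belong to no configured HO network
        "extra_addresses": proposed.num_addresses - sum(n.num_addresses for n in ho),
        # Remote-site networks that fall inside the HO-end proxy
        "overlaps_remote": [str(n) for n in remote if n.overlaps(proposed)],
    }

if __name__ == "__main__":
    # Values taken from the post: HO networks after adding 10.0.3.0/24,
    # the remote site network, and the proxy seen in the Fortigate debugs.
    report = audit_proxy(
        "10.0.0.0/16",
        ["10.0.2.0/24", "10.0.3.0/24"],
        ["10.0.1.0/24"],
    )
    for key, value in report.items():
        print(f"{key}: {value}")
```

With these inputs the /16 proxy contains the remote site's own 10.0.1.0/24, so the phase 2 selectors on the two ends overlap.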