#paloaltofirewalltraining | Day 42 | Configure VPN Ikev2 between Palo Alto and Fortigate

2.2K views· 19 likes· 28:57· Oct 5, 2025

Join this channel to get access to perks: https://www.youtube.com/channel/UCBujQdd5rBRg7n70vy7YmAQ/join

Please check out my new video on configuring IKEv2 with detailed Wireshark analysis. If you like this video, give it a thumbs up and subscribe to my channel for more videos. If you have any questions, put them in the comment section.

Recommended video: https://youtu.be/8ZnpOhpVvBo
Recommended link (playlist for EVE-NG lab setup): https://www.youtube.com/playlist?list=PLaUiizP3D7fPMmUQqS5QKX_FVSoMP68Z5
Palo Alto certification information: https://www.paloaltonetworks.com/services/education
Palo Alto documentation: https://docs.paloaltonetworks.com/

Please follow me:
Instagram: https://www.instagram.com/bikashtech
Twitter: https://twitter.com/Bikashshaw82
E-mail ID: bikashshaw261@gmail.com

#Paloaltotraining #bikashtech #paloaltofirewalltraining #paloaltonetworks #paloaltotraining #paloaltovpn #vpn #ike #ipsec

About This Video

Hello friends, welcome back—this is Day 42 of my PCNSS series. In this video I configured a real site-to-site IPsec VPN (IKEv2) between Palo Alto and FortiGate, and I did it in a proper lab setup with two private subnets behind each firewall and an “internet/ISP cloud” in between. My main goal was simple: traffic from Site-1 (192.168.10.0/24) should reach Site-2 (192.168.20.0/24), and vice versa, exactly like you will see in real-world customer networks.

I started from Palo Alto: created the Phase 1 IKE Crypto (key exchange) and Phase 2 IPsec Crypto (data exchange), built the IKE Gateway with peer IP, pre-shared key, and IKEv2, then created the IPsec tunnel with Proxy-ID (interesting traffic) for 10-to-20 subnets. After that I added static routes (default route to ISP + route to remote subnet via tunnel) and security policies in both directions so initiation can happen from either site.

Then on FortiGate I used the IPsec Wizard (Custom), selected IKEv2, matched proposals/DH group, set local/remote subnets, created firewall policies for tunnel-to-LAN and LAN-to-tunnel, and added routes.

Finally, I verified with continuous ping, checked Phase 1/Phase 2 status and encaps/decaps, and captured packets on the Palo Alto outside interface to analyze the IKEv2 messages and see ESP traffic once the tunnel comes up.
