Tunneled Internet browsing

This is a sample configuration of tunneled internet browsing using a dialup VPN. To centralize network management and control, all branch office traffic is tunneled to HQ, including Internet browsing.

To configure a dialup VPN to tunnel Internet browsing using the GUI:
  1. Configure the dialup VPN server FortiGate at HQ:
    1.   Go to VPN > IPsec Wizard and configure the following settings for VPN Setup:
      1. Enter a VPN name, in this example, HQ.
      2. For Template Type, select Site to Site.
      3. For Remote Device Type, select FortiGate.
      4. For NAT Configuration, select The remote site is behind NAT.
      5. Click Next.
    2. Configure the following settings for Authentication:
      1. For Incoming Interface, select port9.
      2. For Authentication Method, select Pre-shared Key.
      3. In the Pre-shared Key field, enter sample as the key.
      4. Click Next.
    3. Configure the following settings for Policy & Routing:
      1. From the Local Interface dropdown menu, select port10.
      2. Configure the Local Subnets as 172.16.101.0.
      3. Configure the Remote Subnets as 0.0.0.0/0.
      4. For Internet Access, select Share Local.
      5. For Shared WAN, select port9.
      6. Click Create.
  2. Configure the dialup VPN client FortiGate at a branch:
    1.   Go to VPN > IPsec Wizard and configure the following settings for VPN Setup:
      1. Enter a VPN name, in this example, Branch1 or Branch2.
      2. For Template Type, select Site to Site.
      3. For Remote Device Type, select FortiGate.
      4. For NAT Configuration, select The remote site is behind NAT.
      5. Click Next.
    2. Configure the following settings for Authentication:
      1. For IP Address, select Remote Device and enter 22.1.1.1.
      2. For Outgoing Interface, select wan1.
      3. For Authentication Method, select Pre-shared Key.
      4. In the Pre-shared Key field, enter sample as the key.
      5. Click Next.
    3. Configure the following settings for Policy &&n