Tunneled Internet browsing
This is a sample configuration of tunneled internet browsing using a dialup VPN. To centralize network management and control, all branch office traffic is tunneled to HQ, including Internet browsing.
To configure a dialup VPN to tunnel Internet browsing using the GUI:
- Configure the dialup VPN server FortiGate at HQ:
  - Go to VPN > IPsec Wizard and configure the following settings for VPN Setup:
    - Enter a VPN name, in this example, HQ.
    - For Template Type, select Site to Site.
    - For Remote Device Type, select FortiGate.
    - For NAT Configuration, select The remote site is behind NAT.
    - Click Next.
  - Configure the following settings for Authentication:
    - For Incoming Interface, select port9.
    - For Authentication Method, select Pre-shared Key.
    - In the Pre-shared Key field, enter sample as the key.
    - Click Next.
  - Configure the following settings for Policy & Routing:
    - From the Local Interface dropdown menu, select port10.
    - Configure the Local Subnets as 172.16.101.0.
    - Configure the Remote Subnets as 0.0.0.0/0.
    - For Internet Access, select Share Local.
    - For Shared WAN, select port9.
    - Click Create.
- Configure the dialup VPN client FortiGate at a branch:
  - Go to VPN > IPsec Wizard and configure the following settings for VPN Setup:
    - Enter a VPN name, in this example, Branch1 or Branch2.
    - For Template Type, select Site to Site.
    - For Remote Device Type, select FortiGate.
    - For NAT Configuration, select The remote site is behind NAT.
    - Click Next.
  - Configure the following settings for Authentication:
    - For IP Address, select Remote Device and enter 22.1.1.1.
    - For Outgoing Interface, select wan1.
    - For Authentication Method, select Pre-shared Key.
    - In the Pre-shared Key field, enter sample as the key.
    - Click Next.
  - Configure the following settings for Policy & Routing:
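
A hand-written CLI counterpart of the HQ-side GUI steps above, added here as an example (it is not the wizard's generated configuration or Fortinet's own listing). The first policy is what Share Local with Shared WAN port9 amounts to: branch traffic arriving on the tunnel is source-NATed out port9. Assumptions: the aes256-sha256 proposals, the policy and address object names, the /24 mask on 172.16.101.0, and the pre-shared-key placeholder standing in for the demo value sample.

```fortios
# Added example. Lines starting with # are notes for the reader.
# HQ FortiGate: dialup (dynamic) IPsec server listening on port9.
config vpn ipsec phase1-interface
    edit "HQ"
        set type dynamic
        set interface "port9"
        set peertype any
        set proposal aes256-sha256
        set dpd on-idle
        # Placeholder: use a long random key, not the demo value "sample".
        set psksecret <pre-shared-key>
    next
end
config vpn ipsec phase2-interface
    edit "HQ"
        set phase1name "HQ"
        set proposal aes256-sha256
    next
end
config firewall address
    edit "HQ_local"
        # Assumption: the page lists 172.16.101.0 without a mask; /24 is assumed.
        set subnet 172.16.101.0 255.255.255.0
    next
end
config firewall policy
    # Internet browsing from the branches: tunnel -> port9 with source NAT.
    edit 0
        set name "vpn_HQ_to_internet"
        set srcintf "HQ"
        set dstintf "port9"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
    # Branch access to the HQ LAN behind port10 (no NAT).
    edit 0
        set name "vpn_HQ_to_local"
        set srcintf "HQ"
        set dstintf "port10"
        set srcaddr "all"
        set dstaddr "HQ_local"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

Because every branch's Internet traffic exits through the first policy, that policy is the single place to attach security profiles and traffic logging for branch browsing.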