Type a name for the VPN topology.

Type an optional description.

Choose a topology type. Select one of:

• Full Meshed: Each gateway has a tunnel to every other gateway.
• Star: Each gateway has one tunnel to a central hub gateway.
• Dial up: Some gateways, often mobile users, have dynamic IP addresses and contact the gateway to establish a tunnel.

Select Certificates or Pre-shared Key.

When you select Pre-shared Key, FortiGate implements the Encapsulated Security Payload (ESP) protocol. Internet Key Exchange (IKE) is performed automatically based on pre-shared keys or X.509 digital certificates.

If you selected Certificates, select a certificate template. Fortinet provides several default certificate templates. You can also create certificate templates on the Device Manager > Provisioning Templates > Certificate Templates pane.

If you selected Pre-shared Key, select Generate or Specify.

When you select Specify, type the pre-shared key that the FortiGate unit will use to authenticate itself to the remote peer or dialup client during phase 1 negotiations. You must define the same key at the remote peer or client. The key must contain at least 6 printable characters. For optimum protection against currently known attacks, the key must consist of a minimum of 16 randomly chosen alphanumeric characters.

Alternatively, you can select to generate a random pre-shared key.

Define the IKE Profile. Configure IKE Phase 1 and IKE Phase 2 settings.

Define the Phase 1 proposal settings.

Select IKE version 1 or 2 (default = 2).

For more information about IKE v2, refer to RFC 4306.

Select the encryption and authentication algorithms used to generate keys for protecting negotiations and add encryption and authentication algorithms as required.

You need to select at least one combination. The remote peer or client must be configured to use at least one of the proposals that you define.

Select one of the following symmetric-key encryption algorithms:

• 3DES: Triple-DES, in which plain text is encrypted three times by three keys.
• AES128: A 128-bit block Cipher Block Chaining (CBC) algorithm that uses a 128-bit key.
• AES128GCM: AES128 Galois/Counter Mode (GCM).
• AES192: A 128-bit block Cipher Block Chaining (CBC) algorithm that uses a 192-bit key.
• AES256: A 128-bit block Cipher Block Chaining (CBC) algorithm that uses a 256-bit key.
• AES256GCM
• ARIA128: A 128-bit block size that uses a 128-bit key.
• ARIA192: A 128-bit block size that uses a 192- bit key.
• ARIA256: A 128-bit block size that uses a 256-bit key.
• CHACHA20POLY1305: Arbitrary length, 96-bit nonce, and 256-bit key.
• DES: Digital Encryption Standard, a 64-bit block algorithm that uses a 56-bit key.
• SEED: A 16-round Feistel network with 128-bit blocks and a 128-bit key.

Select either of the following authentication message digests to check the authenticity of messages during phase 1 negotiations:

• MD5: Message Digest 5, the hash algorithm developed by RSA Data Security.
• SHA1: Secure Hash Algorithm 1, which produces a 160-bit message digest.
• SHA256: Secure Hash Algorithm 2, which produces a 256-bit message digest.
• SHA384: Secure Hash Algorithm 3, which produces a 384-bit message digest.
• SHA512: Secure Hash Algorithm 3, which produces a 512-bit message digest.

Note: If the encryption is GCM or CHACHA20POLY1305, the authentication options are PRFSHA1, PRFSHA256, PRFSHA384, and PRFSHA512.

To specify more combinations, use the Add button beside any of the table rows.

Define the Phase 2 proposal settings.

When you define phase 2 parameters, you can choose any set of phase 1 parameters to set up a secure connection for the tunnel and authenticate the remote peer. Auto Key configuration applies to both tunnel-mode and interface-mode VPNs.

Select the encryption and authentication algorithms used to generate keys for protecting negotiations and add encryption and authentication algorithms as required.

You need to select at least one combination. The remote peer or client must be configured to use at least one of the proposals that you define.

It is invalid to set both Encryption and Authentication to NULL.

Select one of the following symmetric-key encryption algorithms:

• 3DES: Triple-DES, in which plain text is encrypted three times by three keys.
• AES128: A 128-bit block Cipher Block Chaining (CBC) algorithm that uses a 128-bit key.
• AES128GCM: AES128 Galois/Counter Mode (GCM).
• AES192: A 128-bit block Cipher Block Chaining (CBC) algorithm that uses a 192-bit key.
• AES256: A 128-bit block Cipher Block Chaining (CBC) algorithm that uses a 256-bit key.
• AES256GCM
• ARIA128: A 128-bit block size that uses a 128-bit key.
• ARIA192: A 128-bit block size that uses a 192- bit key.
• ARIA256: A 128-bit block size that uses a 256-bit key.
• CHACHA20POLY1305: Arbitrary length, 96-bit nonce, and 256-bit key.
• DES: Digital Encryption Standard, a 64-bit block algorithm that uses a 56-bit key.
• NULL: Do not use an encryption algorithm.
• SEED: A 16-round Feistel network with 128-bit blocks and a 128-bit key.

Select either of the following authentication message digests to check the authenticity of messages during phase 1 negotiations:

• NULL: Do not use a message digest.
• MD5: Message Digest 5, the hash algorithm developed by RSA Data Security.
• SHA1: Secure Hash Algorithm 1, which produces a 160-bit message digest.
• SHA256: Secure Hash Algorithm 2, which produces a 256-bit message digest.
• SHA384: Secure Hash Algorithm 3, which produces a 384-bit message digest.
• SHA512: Secure Hash Algorithm 3, which produces a 512-bit message digest.

Note: If the encryption is GCM or CHACHA20POLY1305, no authentication options can be selected.

To specify more combinations, use the Add button beside any of the table rows.

Select to create VPN zones. When enabled, you can select to create default or custom zones. When disabled, no VPN zones are created.

Select to have default zones created for you.

Select to choose what zones to create.

IKE Security Phase 1 Advanced Properties

Select one or more of the following Diffie-Hellman (DH) groups: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31.

At least one of the DH group settings on the remote peer or client must match one the selections on the FortiGate unit. Failure to match one or more DH groups will result in failed negotiations.

Only one DH group is allowed for static and dynamic DNS gateways in aggressive mode.

Select either Aggressive or Main (ID Protection).

The FortiGate unit and the remote peer or dialup client exchange phase 1 parameters in either Main (ID Protection) or Aggressive mode. This choice does not apply if you use IKE version 2, which is available only for route-based configurations.

• In Main mode, the Phase 1 parameters are exchanged in multiple rounds with encrypted authentication information
• In Aggressive mode, the Phase 1 parameters are exchanged in single message with authentication information that is not encrypted.

Although Main mode is more secure, you must select Aggressive mode if there is more than one dialup Phase 1 configuration for the interface IP address, and the remote VPN peer or client is authenticated using an identifier local ID). Descriptions of the peer options in this guide indicate whether Main or Aggressive mode is required.

Type the time (in seconds) that must pass before the IKE encryption key expires. When the key expires, a new key is generated without interrupting service. The keylife can be from 120 to 172800 seconds.

Select this checkbox to reestablish VPN tunnels on idle connections and clean up dead IKE peers if required. You can use this option to receive notification whenever a tunnel goes up or down, or to keep the tunnel connection open when no traffic is being generated inside the tunnel. For example, in scenarios where a dialup client or dynamic DNS peer connects from an IP address that changes periodically, traffic may be suspended while the IP address changes.

IPsec Security Phase 2 Advanced Properties

Select one or more of the following Diffie-Hellman (DH) groups: 1, 2, 5, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 29, 30, 31.

At least one of the DH group settings on the remote peer or client must match one the selections on the FortiGate unit. Failure to match one or more DH groups will result in failed negotiations.

Only one DH group is allowed for static and dynamic DNS gateways in aggressive mode.

Select to enable or disable replay detection. Replay attacks occur when an unauthorized party intercepts a series of IPsec packets and replays them back into the tunnel.

Select to enable or disable perfect forward secrecy (PFS).

Perfect forward secrecy (PFS) improves security by forcing a new Diffie-Hellman exchange whenever keylife expires.

Select the PFS key life. Select Second, Kbytes, or Both from the dropdown list and type the value in the text field.

Select to enable or disable autokey keep alive.

The phase 2 SA has a fixed duration. If there is traffic on the VPN as the SA nears expiry, a new SA is negotiated and the VPN switches to the new SA without interruption. If there is no traffic, the SA expires and the VPN tunnel goes down. A new SA will not be generated until there is traffic.

The Autokey Keep Alive option ensures that a new SA is negotiated even if there is no traffic so that the VPN tunnel stays up.

Select to enable or disable auto-negotiation.

Select the checkbox if a NAT device exists between the local FortiGate unit and the VPN peer or client. The local FortiGate unit and the VPN peer or client must have the same NAT traversal setting (both selected or both cleared) to connect reliably.

If NAT traversal is enabled or forced, type a keep-alive frequency setting (10-900 seconds).

For more information on advanced options, see the FortiOS CLI Reference.

Enable or disable FCC enforcement.

Enable or disable the inter-vdom setting.

Select the local ID type from the dropdown list. Select one of:

• address: IP Address
• asn1dn: ASN.1 Distinguished Name
• auto: Select type automatically
• fqdn: Fully Qualified Domain name
• keyid: Key Identifier ID
• user-fqdn: User Fully Qualified Domain Name

Enter the negotiation timeout value. The default is 30 seconds.