Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiManager 6.2.13 Administration Guide
    6.2.13
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.7
    5.2.6
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2
    4.3.8
    4.3.7
    4.3.6
    4.3.5
    4.3.4
    4.3.3
    4.3.2
    4.3.1
    4.3.0
    4.2.9
    4.2.8
    4.2.7
    4.2.6
    4.2.5
    4.2.4
    4.2.3
    4.2.2
    4.2.1
    4.2.0
    4.1.0
    4.0.3
    4.0.2
    4.0.1
    4.0.0

    Creating external gateways

    Creating external gateways

    External gateways are not managed by the FortiManager device.

    To create an external gateway:
    1. Go to VPN Manager > IPsec VPN.
    2. Select a community from the tree menu, or double-click on a community in the list.
    3. On the community information content pane, in the toolbar, select Create New > External Gateway. The New VPN External Gateway pane opens.

    4. Configure the following settings, then click OK to create the external gateway:

      Node Type

      Select either HUB or Spoke from the dropdown list.

      This option is only available for star and dial up VPN topologies.

      Gateway Name

      Enter the gateway name.

      Gateway IP

      Select the gateway IP address from the dropdown list.

      Hub IP

      Select the hub IP address from the dropdown list.

      This option is only available for star and dial up topologies with the role set to Hub.

      Create Phase2 per Protected Subnet Pair

      Toggle the switch to On to create a phase2 per protected subnet pair.

      Routing

      Select the routing method: Manual (via Device Manager, or Automatic.

      This option is only available for full meshed and star topologies.

      Peer Type

      Select one of the following:

      • Accept any peer ID
      • Accept this peer ID: Enter the peer ID in the text field
      • Accept a dialup group: Select a group from the dropdown list

      A Local ID is an alphanumeric value assigned in the Phase 1 configuration. The local ID of a peer is called a Peer ID. The Local ID or peer ID can be used to uniquely identify one end of a VPN tunnel, enabling a more secure connection. If you have multiple VPN tunnels negotiating, this ensures the proper remote and local ends connect.

      When you configure the ID on your end, it is your local ID. When the remote end connects to you, they see it as your peer ID. If you are debugging a VPN connection, the local ID is part of the VPN negotiations. You can use it to help troubleshoot connection problems.

      The default configuration is to accept all local IDs (peer IDs). If your local ID is set, the remote end of the tunnel must be configured to accept your ID.

      This option is only available for dial up topologies.

      Protected Subnet

      Select a protected subnet from the list. You can add multiple subnets.

      Local Gateway

      Enter the local gateway IP address.

    Previous
    Next

    Creating external gateways

    Creating external gateways

    External gateways are not managed by the FortiManager device.

    To create an external gateway:
    1. Go to VPN Manager > IPsec VPN.
    2. Select a community from the tree menu, or double-click on a community in the list.
    3. On the community information content pane, in the toolbar, select Create New > External Gateway. The New VPN External Gateway pane opens.

    4. Configure the following settings, then click OK to create the external gateway:

      Node Type

      Select either HUB or Spoke from the dropdown list.

      This option is only available for star and dial up VPN topologies.

      Gateway Name

      Enter the gateway name.

      Gateway IP

      Select the gateway IP address from the dropdown list.

      Hub IP

      Select the hub IP address from the dropdown list.

      This option is only available for star and dial up topologies with the role set to Hub.

      Create Phase2 per Protected Subnet Pair

      Toggle the switch to On to create a phase2 per protected subnet pair.

      Routing

      Select the routing method: Manual (via Device Manager, or Automatic.

      This option is only available for full meshed and star topologies.

      Peer Type

      Select one of the following:

      • Accept any peer ID
      • Accept this peer ID: Enter the peer ID in the text field
      • Accept a dialup group: Select a group from the dropdown list

      A Local ID is an alphanumeric value assigned in the Phase 1 configuration. The local ID of a peer is called a Peer ID. The Local ID or peer ID can be used to uniquely identify one end of a VPN tunnel, enabling a more secure connection. If you have multiple VPN tunnels negotiating, this ensures the proper remote and local ends connect.

      When you configure the ID on your end, it is your local ID. When the remote end connects to you, they see it as your peer ID. If you are debugging a VPN connection, the local ID is part of the VPN negotiations. You can use it to help troubleshoot connection problems.

      The default configuration is to accept all local IDs (peer IDs). If your local ID is set, the remote end of the tunnel must be configured to accept your ID.

      This option is only available for dial up topologies.

      Protected Subnet

      Select a protected subnet from the list. You can add multiple subnets.

      Local Gateway

      Enter the local gateway IP address.

    Previous
    Next