Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Examples

    6.4.0
    7.6.0
    7.4.0
    7.2.0
    7.0.0
    6.4.0

    Creating VPN communities

    Creating VPN communities

    Create the following separate VPN communities:

    • One VPN community over the Internet named OL_INET
    • One VPN community over MPLS named OL_MPLS

    FortiManager supports having two Hubs within the same community.

    The following parameters will be used for each VPN community. Any parameters not mentioned in the table can be left to use default values:

    Parameter

    Value

    VPN Topology

    Dial-Up

    Authentication

    Pre-shared Key = 123Fortinet!@#

    IKE Version

    2

    IKE SA Proposals

    AES256/SHA256, AES256GCM/PRFSHA384

    IPSEC SA Proposals

    AES256/SHA256, AES256GCM

    VPN Zone

    OFF

    Dead Peer Detection

    On Idle

    dpd-retrycount

    2

    dpd-retryinterval

    10
    To create a VPN Community from the GUI:
    1. Go to VPN Manager > IPsec VPN.
    2. In the toolbar, click Create New. The VPN Topology Setup Wizard dialog appears.
    3. Enter a name for the topology, such as OL_INET.
    4. In the Choose VPN topology field, select Dial up, and click Next.
    5. Complete the setup as required in the wizard.
      Note

      Ensure that VPN Zone is disabled while completing the dial-up topology setup. Enabling VPN Zone and setting it to Create Default Zones, creates a dynamic interface by default.

      SD-WAN does not support dynamic interfaces.

    6. Click OK. The VPN community is created.

    7. Similarly, create another VPN community called OL_MPLS for the MPLS network.
    Previous
    Next

    Creating VPN communities

    Creating VPN communities

    Create the following separate VPN communities:

    • One VPN community over the Internet named OL_INET
    • One VPN community over MPLS named OL_MPLS

    FortiManager supports having two Hubs within the same community.

    The following parameters will be used for each VPN community. Any parameters not mentioned in the table can be left to use default values:

    Parameter

    Value

    VPN Topology

    Dial-Up

    Authentication

    Pre-shared Key = 123Fortinet!@#

    IKE Version

    2

    IKE SA Proposals

    AES256/SHA256, AES256GCM/PRFSHA384

    IPSEC SA Proposals

    AES256/SHA256, AES256GCM

    VPN Zone

    OFF

    Dead Peer Detection

    On Idle

    dpd-retrycount

    2

    dpd-retryinterval

    10
    To create a VPN Community from the GUI:
    1. Go to VPN Manager > IPsec VPN.
    2. In the toolbar, click Create New. The VPN Topology Setup Wizard dialog appears.
    3. Enter a name for the topology, such as OL_INET.
    4. In the Choose VPN topology field, select Dial up, and click Next.
    5. Complete the setup as required in the wizard.
      Note

      Ensure that VPN Zone is disabled while completing the dial-up topology setup. Enabling VPN Zone and setting it to Create Default Zones, creates a dynamic interface by default.

      SD-WAN does not support dynamic interfaces.

    6. Click OK. The VPN community is created.

    7. Similarly, create another VPN community called OL_MPLS for the MPLS network.
    Previous
    Next