Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

IPsec tunnel templates

You can provision IPsec tunnels to FortiGate branch devices using an IPsec template. You can save an IPsec VPN configuration, apply it to one or more FortiGates, or reuse the same configuration over and over again. You can specifically name IPsec tunnel interfaces using supported meta fields, and the tunnel interfaces may later on be mapped to normalized interfaces, or used in policies and also in SD-WAN widgets.

The following example assumes that site HQ IPsec VPN has been configured and is up and running. We will establish the configurations of Branch-A and Branch-B sites to the HQ site by using an IPsec template.

This section describes the following:

  1. Creating new meta fields
  2. Assigning values to meta field variables
  3. Creating new IPsec VPN templates

    A default template of recommended settings is provided. You can clone the default template, and tweak the settings for your needs. See Using IPsec Fortinet recommended template.

  4. Assigning IPsec VPN template to devices and device groups
  5. Installing IPsec VPN configuration and firewall policies to devices
  6. Verifying IPsec VPN tunnel status
  7. Verifying IPsec template configuration status

See also Un-assigning IPsec templates.

IPsec tunnel templates

You can provision IPsec tunnels to FortiGate branch devices using an IPsec template. You can save an IPsec VPN configuration, apply it to one or more FortiGates, or reuse the same configuration over and over again. You can specifically name IPsec tunnel interfaces using supported meta fields, and the tunnel interfaces may later on be mapped to normalized interfaces, or used in policies and also in SD-WAN widgets.

The following example assumes that site HQ IPsec VPN has been configured and is up and running. We will establish the configurations of Branch-A and Branch-B sites to the HQ site by using an IPsec template.

This section describes the following:

  1. Creating new meta fields
  2. Assigning values to meta field variables
  3. Creating new IPsec VPN templates

    A default template of recommended settings is provided. You can clone the default template, and tweak the settings for your needs. See Using IPsec Fortinet recommended template.

  4. Assigning IPsec VPN template to devices and device groups
  5. Installing IPsec VPN configuration and firewall policies to devices
  6. Verifying IPsec VPN tunnel status
  7. Verifying IPsec template configuration status

See also Un-assigning IPsec templates.