Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

IPsec VPN Wizard

For each device, the SD-WAN pane includes access to an IPsec VPN Wizard. You can use the wizard to create IPsec VPN tunnels and automatically generate interface members for the tunnel.

To configure the IPsec VPN in SD-WAN:
  1. Go to the device database. See Displaying the device database.
  2. In the device database, go to System > SD-WAN.

    The SD-WAN pane opens.

  3. In the Interface Members section, click Create VPN.

    The Create IPsec VPN for SD-WAN dialog box is displayed.

  4. Configure the following settings, and click OK to generate IPsec VPNs:

    Name

    Specify a name for the VPN.

    Remote Device

    Select IP Address or Dynamic DNS.

    IP Address

    Specify the IP address if IP Address is selected for Remote Device.

    FQDN

    Specify the FQDN if Dynamic DNS is selected for Remote Device.

    Outgoing Interface

    Select the outgoing interface.

    Authentication Method

    Select Pre-shared key or Signature.

    Certificate Name

    Select the certificate (if Signature was selected as the Authentication Method)

    Peer Certificate CA

    Select the Peer Certificate CA (if Signature was selected as the Authentication Method)

    Pre-shared Key

    Select the pre-shared key (if Pre-shared key was selected as the Authentication Method)

    The auto-generated VPN interface is automatically added to the list of SD-WAN interface members.

  5. Edit the VPN in Interface Members to configure Gateway IP, Estimated Upstream Bandwidth (Kbps), and Estimated Downstream Bandwidth (Kbps).
  6. Click Apply to save the SD-WAN settings.

IPsec VPN Wizard

For each device, the SD-WAN pane includes access to an IPsec VPN Wizard. You can use the wizard to create IPsec VPN tunnels and automatically generate interface members for the tunnel.

To configure the IPsec VPN in SD-WAN:
  1. Go to the device database. See Displaying the device database.
  2. In the device database, go to System > SD-WAN.

    The SD-WAN pane opens.

  3. In the Interface Members section, click Create VPN.

    The Create IPsec VPN for SD-WAN dialog box is displayed.

  4. Configure the following settings, and click OK to generate IPsec VPNs:

    Name

    Specify a name for the VPN.

    Remote Device

    Select IP Address or Dynamic DNS.

    IP Address

    Specify the IP address if IP Address is selected for Remote Device.

    FQDN

    Specify the FQDN if Dynamic DNS is selected for Remote Device.

    Outgoing Interface

    Select the outgoing interface.

    Authentication Method

    Select Pre-shared key or Signature.

    Certificate Name

    Select the certificate (if Signature was selected as the Authentication Method)

    Peer Certificate CA

    Select the Peer Certificate CA (if Signature was selected as the Authentication Method)

    Pre-shared Key

    Select the pre-shared key (if Pre-shared key was selected as the Authentication Method)

    The auto-generated VPN interface is automatically added to the list of SD-WAN interface members.

  5. Edit the VPN in Interface Members to configure Gateway IP, Estimated Upstream Bandwidth (Kbps), and Estimated Downstream Bandwidth (Kbps).
  6. Click Apply to save the SD-WAN settings.