Administration Guide

Creating new IPsec VPN templates

Instead of creating a new template, you can clone the default template.

To create an IPsec VPN template:
  1. Go to Device Manager > Provisioning Templates > IPsec Tunnel Templates.
  2. Click Create New from the toolbar. The Create New IPsec Tunnel Template dialog appears.
  3. Enter a Name for the template.
  4. Click OK. The new template is created.
  5. Select the template name and click Edit.
  6. At the top of the list of tunnel templates, click Create New.
  7. Enter the IPsec tunnel settings:

    | Setting | Value/Description |
    |---|---|
    | Tunnel Name | Enter a name for this IPsec tunnel. |
    | Routing | Manual: Routes will not be automatically created. Automatic: Static routes to the remote subnet will be created. |
    | Remote Device | Select from IP Address, Dynamic DNS, or Dynamic. |
    | Remote Gateway (IP Address) | Enter the IP address of the remote gateway for this tunnel. This field accepts meta field variables. In this example, you will use the remote_site_id meta field variable here, as 101.71.$(remote_site_id).1, where the meta field variable value will be substituted at runtime. |
    | Outgoing Interface | Enter the outgoing interface port name (for example, port2). |
    | Local ID | Optionally, specify an identifier that is used to identify this device to VPN servers during the phase 1 exchange. This field accepts meta field variables. |
    | Network Overlay | Enable or disable network overlay. If enabled, enter the network ID. |
    | Remote Subnet | Enter one or more remote subnets, with netmask. This field accepts meta field variables. For this example, enter 200.71.$(remote_site_id).0/255.255.255.0, where the meta field variable value will be substituted at runtime. |
    | Proposal | Select the encryption and authentication algorithms used to generate keys for the internet key exchange security association (IKE SA). There must be a minimum of one combination. The remote peer or client must be configured to use at least one of the proposals that you define. |
    | Authentication Method | Pre-shared Key: Alphanumeric key used for device authentication. Signature: Select the certificate to use for authentication. |
    | Tunnel Interface Setup | Configure the IP and/or remote IP for the tunnel to use in the IPsec template. |
    | Advanced Options | Expand to access and set a number of advanced options. |

  8. Click OK to save the settings. The IPsec template is created and ready to be assigned to devices.
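
Because the Remote Gateway and Remote Subnet values are only final after remote_site_id is substituted per device, it helps to render them offline before assigning the template. The following is an added example, not Fortinet code: it assumes the substitution is a plain text replacement of $(name), and the device names and meta values are constructed.

```python
import ipaddress
import re

# Template strings are the ones shown in the table above.
GATEWAY_TMPL = "101.71.$(remote_site_id).1"
SUBNET_TMPL = "200.71.$(remote_site_id).0/255.255.255.0"
VAR = re.compile(r"\$\(([A-Za-z0-9_]+)\)")

def render(template, meta):
    """Assumed model of the runtime substitution: text replacement of $(name)."""
    missing = [n for n in VAR.findall(template) if n not in meta]
    if missing:
        raise ValueError(f"undefined meta field variable(s): {', '.join(missing)}")
    return VAR.sub(lambda m: str(meta[m.group(1)]), template)

def check_device(meta):
    """Render both fields for one device and parse them strictly."""
    gateway = ipaddress.IPv4Address(render(GATEWAY_TMPL, meta))
    subnet = ipaddress.IPv4Network(render(SUBNET_TMPL, meta), strict=True)
    return gateway, subnet

def check_fleet(devices):
    """Return (rendered, problems) for a mapping of device name -> meta values."""
    rendered, problems, seen = {}, [], {}
    for name, meta in devices.items():
        try:
            gateway, subnet = check_device(meta)
        except ValueError as exc:  # also covers AddressValueError/NetmaskValueError
            problems.append(f"{name}: {exc}")
            continue
        for other, other_net in seen.items():
            if subnet.overlaps(other_net):
                problems.append(f"{name}: remote subnet {subnet} overlaps {other}")
        seen[name] = subnet
        rendered[name] = (str(gateway), str(subnet))
    return rendered, problems

# Constructed sample fleet: hypothetical device names and meta values.
DEVICES = {
    "branch-a": {"remote_site_id": "10"},
    "branch-b": {"remote_site_id": "20"},
    "branch-c": {"remote_site_id": "300"},  # not a valid octet
    "branch-d": {},                         # variable never set
    "branch-e": {"remote_site_id": "10"},   # same value as branch-a
}

if __name__ == "__main__":
    print(check_fleet(DEVICES))
```

An out-of-range value, an unset variable, and two devices sharing the same remote_site_id are all reported before any tunnel is pushed.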

To import an IPsec VPN template:
  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. Go to Device Manager > Provisioning Templates > IPsec Tunnel Templates.
  3. Click Import. The Import IPSec Template screen is shown.
  4. Configure the following settings and click OK:
    • Name - specify a name for the IPsec template.
    • Device - select the FortiGate device from which to select the IPsec template.

    The IPsec template is imported.
