Administration Guide

Recommended IPsec templates

FortiManager includes recommended IPsec templates that come preconfigured with FortiManager best practices recommendations for use within your environment. These templates can be used to simplify deployment of SD-WAN interconnected sites or to create IPsec VPN for FortiGate devices.

Once a new IPsec template has been created from a recommended template, it can be edited, deleted, and/or cloned.

Meta fields can be used when configuring a recommended template's required fields to ensure that fields like Local ID are unique when the template is assigned to multiple devices. See Meta Fields.

The following IPsec recommended templates are available.

Template Name: Description

HUB_IPSec_Recommended: This template was created for use with the SD-WAN provisioning template. The wizard prompts for input expected for HUB IPsec tunnels used by the SD-WAN template. The template assumes dialup clients by selecting Dynamic for Remote Devices.

Branch_IPSec_Recommended: Fortinet's recommended template for IPSec branch device configurations. The wizard prompts for the remote gateway (HUB) and requests a local ID to facilitate multiple tunnels for use in SD-WAN.

IPSec_Fortinet_Recommended: Fortinet's recommended template for IPSec configurations. Unlike the HUB and Branch templates above, this template does not make assumptions about the function of the assigned device/group.

To use a default IPsec template in your environment:
  1. Go to Device Manager > Provisioning Templates > IPsec Tunnel Templates.
  2. Select a recommended template, and click Activate in the toolbar.
  3. Enter configuration details specific to your environment.

  4. Click OK to save your changes.
    A new template is created in the template list based on the recommended template you selected and the configuration details provided.
  5. (Optional) Edit the template to view or change the automatically configured settings.
  6. (Optional) Once a template has been created, it can be added to a template group. See Template groups.
  7. Assign the new template or template group to a managed device/device group and then install the changes.
To create a HUB_IPSec_Recommended template:
  1. Activate the HUB_IPSec_Recommended template.
  2. Enter the following requested information.
    Template Name: Enter a name for the template.
    Enable ADVPN: Optionally, toggle this setting to enable Auto Discovery VPN (ADVPN).
    Outgoing Interface: Enter the outgoing interface. This is the physical port that the branch devices will connect to.
    IPv4 Start IP: Enter the first usable IP address in the range.
    IPv4 End IP: Enter the last usable IP address in the range.
    IPv4 Netmask: Enter the IPv4 netmask.
    Pre-shared Key: Enter the pre-shared key.
  3. Click OK to create the template.
To create a Branch_IPSec_Recommended template:
  1. Activate the Branch_IPSec_Recommended template.
  2. Enter the following requested information.
    Template Name: Enter a name for the template.
    Enable ADVPN: Optionally, enable or disable Auto Discovery VPN (ADVPN).
    Outgoing Interface: Enter the outgoing interface. This is the physical port that the branch devices will use to connect to the HUB.
    Local ID: Enter a Local ID. This is used by the HUB to identify the connecting device.
    Remote Gateway: Enter the IP address of the HUB interface that the Branch will connect to.
    Pre-shared Key: Enter the pre-shared key.
  3. Click OK to create the template.
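
A pre-flight check for the HUB and Branch wizard inputs, as an added example that is not part of the Fortinet guide or FortiManager itself. It assumes the HUB's IPv4 range must supply one address per branch; the function names and the sample plan are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample plan: device name -> Local ID entered in the Branch wizard.
SAMPLE_BRANCHES = {"branch-01": "BR01", "branch-02": "BR02", "branch-03": "BR01"}


def check_hub_pool(start_ip, end_ip, netmask, branch_count):
    """Return a list of problems with the HUB wizard's IPv4 range inputs."""
    problems = []
    start = ipaddress.IPv4Address(start_ip)
    end = ipaddress.IPv4Address(end_ip)
    # strict=False derives the subnet that contains start_ip under this netmask.
    net = ipaddress.IPv4Network(f"{start_ip}/{netmask}", strict=False)
    if end not in net:
        problems.append(f"{end} is outside {net}")
    # The wizard asks for the first and last *usable* addresses.
    for addr in (start, end):
        if addr in (net.network_address, net.broadcast_address):
            problems.append(f"{addr} is not a usable host address in {net}")
    if start > end:
        problems.append("start IP is after end IP")
    else:
        size = int(end) - int(start) + 1
        # Assumption: every branch needs its own address from the range.
        if size < branch_count:
            problems.append(f"range holds {size} addresses for {branch_count} branches")
    return problems


def duplicate_local_ids(branches):
    """Return Local IDs planned for more than one device (exact match)."""
    counts = Counter(local_id.strip() for local_id in branches.values())
    return sorted(lid for lid, n in counts.items() if n > 1)


if __name__ == "__main__":
    for issue in check_hub_pool("10.10.0.1", "10.10.0.254", "255.255.255.0",
                                len(SAMPLE_BRANCHES)):
        print("HUB range:", issue)
    for lid in duplicate_local_ids(SAMPLE_BRANCHES):
        print("Local ID reused across devices:", lid)
```

A reused Local ID means the HUB cannot tell the two connecting devices apart, which is the case the meta field guidance above is meant to prevent.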
To create an IPSec_Fortinet_Recommended template:
  1. Activate the IPSec_Recommended template.
  2. Enter the following requested information.
    Template Name: Enter a name for the template.
    Outgoing Interface: Enter the outgoing interface. This is the physical port that the branch devices will connect to.
    Remote Gateway: Enter the IP address of the destination device’s interface that the assigned FortiGates will connect to.
    Pre-shared Key: Enter the pre-shared key.
  3. Click OK to create the template.
