Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiManager 7.2.0 Administration Guide
    7.2.0
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.7
    5.2.6
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2
    4.3.8
    4.3.7
    4.3.6
    4.3.5
    4.3.4
    4.3.3
    4.3.2
    4.3.1
    4.3.0
    4.2.9
    4.2.8
    4.2.7
    4.2.6
    4.2.5
    4.2.4
    4.2.3
    4.2.2
    4.2.1
    4.2.0
    4.1.0
    4.0.3
    4.0.2
    4.0.1
    4.0.0

    Creating new IPsec VPN templates

    Creating new IPsec VPN templates

    The example instructions included in this section follow the deployment topology introduced in IPsec tunnel templates.

    To create an IPsec VPN template:
    1. Go to Device Manager > Provisioning Templates > IPsec Tunnel Templates.
    2. Click Create New from the toolbar. The Create New IPsec Tunnel Template dialog appears.
    3. Enter a Name for the template.
    4. Click Create New to create a new IPsec tunnel.

      Setting

      Value/Description

      Tunnel Name

      Enter a name for this IPsec tunnel.

      Routing

      Manual: Routes will not automatically created.

      Automatic: Static routes to remote subnet will be created.

      Remote Device

      Select from IP Address, Dynamic DNS, or Dynamic.

      Remote Gateway (IP Address)

      Enter the IP address of the remote gateway for this tunnel.

      This field accepts meta field variables.

      In this example, you will use the remote_site_id meta field variable here, 101.71.$(remote_site_id).1, where the meta field variable value will be substituted at runtime.

      See ADOM-level metadata variables.

      Outgoing Interface

      Enter the outgoing interface port name (for example, port2).

      Local ID

      Optionally, specify an identifier that is used to identify this device to VPN servers during the phase 1 exchange.

      This field accepts meta field variables.

      Network Overlay

      Enable or disable network overlay. If enabled, enter the network ID.

      Remote Subnet

      Enter one or more remote subnets, with netmask. This field accepts meta field variables.

      For this example, enter 200.71.$(remote_site_id).0/255.255.255.0, where the meta field variable value will be substituted at runtime.

      Authentication Method

      Pre-shared Key: Alphanumeric key used for device authentication.

      Signature: Select the certificate to use for authentication.

      Tunnel Interface Setup

      Configure the IP and/or remote IP for the tunnel to use in the IPsec template.

      Advanced Options

      Expand to access and set a number of advanced options.

    5. Click OK to save the settings. The IPsec template is created and ready to be assigned to devices.
    To import an IPsec VPN template:
    1. If using ADOMs, ensure that you are in the correct ADOM.
    2. Go to Device Manager > Provisioning Templates > IPsec Tunnel Templates.
    3. Click Import. The Import IPSec Template screen is shown.
    4. Configure the following settings and click OK:
      • Name - specify a name for the IPSec template.
      • Device - select the FortiGate device from where to select the IPsec template.

      The IPsec template is imported.

    Previous
    Next

    Creating new IPsec VPN templates

    Creating new IPsec VPN templates

    The example instructions included in this section follow the deployment topology introduced in IPsec tunnel templates.

    To create an IPsec VPN template:
    1. Go to Device Manager > Provisioning Templates > IPsec Tunnel Templates.
    2. Click Create New from the toolbar. The Create New IPsec Tunnel Template dialog appears.
    3. Enter a Name for the template.
    4. Click Create New to create a new IPsec tunnel.

      Setting

      Value/Description

      Tunnel Name

      Enter a name for this IPsec tunnel.

      Routing

      Manual: Routes will not automatically created.

      Automatic: Static routes to remote subnet will be created.

      Remote Device

      Select from IP Address, Dynamic DNS, or Dynamic.

      Remote Gateway (IP Address)

      Enter the IP address of the remote gateway for this tunnel.

      This field accepts meta field variables.

      In this example, you will use the remote_site_id meta field variable here, 101.71.$(remote_site_id).1, where the meta field variable value will be substituted at runtime.

      See ADOM-level metadata variables.

      Outgoing Interface

      Enter the outgoing interface port name (for example, port2).

      Local ID

      Optionally, specify an identifier that is used to identify this device to VPN servers during the phase 1 exchange.

      This field accepts meta field variables.

      Network Overlay

      Enable or disable network overlay. If enabled, enter the network ID.

      Remote Subnet

      Enter one or more remote subnets, with netmask. This field accepts meta field variables.

      For this example, enter 200.71.$(remote_site_id).0/255.255.255.0, where the meta field variable value will be substituted at runtime.

      Authentication Method

      Pre-shared Key: Alphanumeric key used for device authentication.

      Signature: Select the certificate to use for authentication.

      Tunnel Interface Setup

      Configure the IP and/or remote IP for the tunnel to use in the IPsec template.

      Advanced Options

      Expand to access and set a number of advanced options.

    5. Click OK to save the settings. The IPsec template is created and ready to be assigned to devices.
    To import an IPsec VPN template:
    1. If using ADOMs, ensure that you are in the correct ADOM.
    2. Go to Device Manager > Provisioning Templates > IPsec Tunnel Templates.
    3. Click Import. The Import IPSec Template screen is shown.
    4. Configure the following settings and click OK:
      • Name - specify a name for the IPSec template.
      • Device - select the FortiGate device from where to select the IPsec template.

      The IPsec template is imported.

    Previous
    Next