Administration Guide

Creating new IPsec VPN templates

The example instructions included in this section follow the deployment topology introduced in IPsec tunnel templates.

To create an IPsec VPN template:
  1. Go to Device Manager > Provisioning Templates > IPsec Tunnel Templates.
  2. Click Create New from the toolbar. The Create New IPsec Tunnel Template dialog appears.
  3. Enter a Name for the template.
  4. Click Create New to create a new IPsec tunnel.

    • Tunnel Name - Enter a name for this IPsec tunnel.
    • Routing - Select one of the following:
        Manual: Routes will not be automatically created.
        Automatic: Static routes to the remote subnet will be created.
    • Remote Device - Select from IP Address, Dynamic DNS, or Dynamic.
    • Remote Gateway (IP Address) - Enter the IP address of the remote gateway for this tunnel. This field accepts meta field variables.
        In this example, use the remote_site_id meta field variable: enter 101.71.$(remote_site_id).1, where the meta field variable value will be substituted at runtime.
        See ADOM-level metadata variables.
    • Outgoing Interface - Enter the outgoing interface port name (for example, port2).
    • Local ID - Optionally, specify an identifier that is used to identify this device to VPN servers during the phase 1 exchange. This field accepts meta field variables.
    • Network Overlay - Enable or disable network overlay. If enabled, enter the network ID.
    • Remote Subnet - Enter one or more remote subnets, with netmask. This field accepts meta field variables.
        For this example, enter 200.71.$(remote_site_id).0/255.255.255.0, where the meta field variable value will be substituted at runtime.
    • Authentication Method - Select one of the following:
        Pre-shared Key: Alphanumeric key used for device authentication.
        Signature: Select the certificate to use for authentication.
    • Tunnel Interface Setup - Configure the IP and/or remote IP for the tunnel to use in the IPsec template.
    • Advanced Options - Expand to access and set a number of advanced options.

  5. Click OK to save the settings. The IPsec template is created and ready to be assigned to devices.
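
A pre-assignment check for the two meta field variable entries used in this example, added here as an illustration (it is not FortiManager code or output). It assumes the variable is expanded by plain text substitution, uses constructed device names and values, and flags devices whose remote_site_id is unset, renders an invalid address, or yields a remote subnet that overlaps another site's.

```python
import ipaddress
import re

# Templates copied from the Remote Gateway and Remote Subnet fields above.
GATEWAY_TEMPLATE = "101.71.$(remote_site_id).1"
SUBNET_TEMPLATE = "200.71.$(remote_site_id).0/255.255.255.0"
# Assumption: variable names are letters, digits and underscores inside $( ).
VAR_PATTERN = re.compile(r"\$\(([A-Za-z0-9_]+)\)")

# Constructed per-device meta variable values (not taken from a real ADOM).
SAMPLE_DEVICES = {
    "branch-a": {"remote_site_id": "5"},
    "branch-b": {"remote_site_id": "300"},   # renders an out-of-range octet
    "branch-c": {},                          # variable never set
    "branch-d": {"remote_site_id": "5"},     # same site id as branch-a
}

def render(template, variables):
    """Expand each $(name); raise if the device has no value for it."""
    def lookup(match):
        value = str(variables.get(match.group(1), "")).strip()
        if not value:
            raise ValueError(f"unresolved meta variable: {match.group(1)}")
        return value
    return VAR_PATTERN.sub(lookup, template)

def check_devices(devices):
    """Return (rendered values per device, list of problems found)."""
    rendered, problems, seen = {}, [], {}
    for device, variables in devices.items():
        try:
            gateway = ipaddress.IPv4Address(render(GATEWAY_TEMPLATE, variables))
            # strict=True rejects a subnet that has host bits set.
            subnet = ipaddress.IPv4Network(render(SUBNET_TEMPLATE, variables), strict=True)
        except ValueError as exc:
            problems.append(f"{device}: {exc}")
            continue
        for other, other_subnet in seen.items():
            if subnet.overlaps(other_subnet):
                problems.append(f"{device}: remote subnet {subnet} overlaps {other}")
        seen[device] = subnet
        rendered[device] = (str(gateway), str(subnet))
    return rendered, problems

if __name__ == "__main__":
    values, issues = check_devices(SAMPLE_DEVICES)
    print(values)
    print("\n".join(issues))
```
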
To import an IPsec VPN template:
  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. Go to Device Manager > Provisioning Templates > IPsec Tunnel Templates.
  3. Click Import. The Import IPSec Template screen is shown.
  4. Configure the following settings and click OK:
    • Name - specify a name for the IPsec template.
    • Device - select the FortiGate device from which to select the IPsec template.

    The IPsec template is imported.
