9.4.0

Complete Model Configuration (VPN Addresses and Logical Networks)


  1. Navigate to Network > Inventory.

  2. Click the FortiGate device.

  3. Under the Virtualized Devices tab, right-click the VDOM in which the VPN tunnel is configured and select Model Configuration.

  4. In the VPN Addresses drill-down menu, select the network address group.

  5. Define the Source IP Address. This is required if the VPN tunnel is configured on a VDOM that does NOT own the IP address in the Element tab. This is the IP address the FortiGate Fabric Connector will use for communication over the Security Fabric.

  6. Associate Logical Network(s) with the Firewall Tags or Groups that will be sent to the FortiGate when the VPN client is identified.

    Logical Network:

    Under Logical Network Configuration, highlight the desired Logical Network and select Edit.

    If the Logical Network is not listed:

    a. Select Create New.

    b. Select the Logical Network from the drill-down. If not listed, select Create.

    To Assign Firewall Tags:

    a. Next to Firewall Tags, click "+".

    b. Enter the string value that corresponds to the desired firewall user group on the FortiGate.

    c. Click "+" for each tag to be sent for that Logical Network.

    The tags will be imported to the FortiGate once the Security Fabric connection is completed in later steps.

    To Assign Groups:

    a. Enable Send Groups to Firewall.

    b. Next to Firewall Groups, click "+".

    c. In the right panel, select all groups to be sent for that Logical Network.

    The groups will be imported to the FortiGate once the Security Fabric connection is completed in later steps.

  7. Click OK.

  8. Right-click the device model and select Resync Interfaces to apply the network address group assignment.

For more details, refer to the following sections in the Administration Guide:

Logical networks

Virtualized Devices
