IPsec Wizard
To set up an IPsec VPN:
- Go to VPN > IPsec Wizard.
- Configure the VPN setup and then select Next:
Name
Enter a unique descriptive name (15 characters or less) for the VPN tunnel.
Template Type
Select Site to Site or Custom:
- Site to Site—Static tunnel through the Internet between this FortiProxy unit and a remote FortiProxy or Cisco device.
- Custom—No template. See Create a custom VPN tunnel.
NAT Configuration
If you selected Site to Site, select No NAT between sites, This site is behind NAT, or The remote site is behind NAT.
Remote Device type
If you selected Site to Site, select FortiProxy or Cisco.
- Configure the authentication and then select Next:
Remote Device
If you selected Site to Site for the template type, select IP Address or Dynamic DNS.
Remote IP Address
If you selected IP Address for the remote address, enter the IP address of the remote peer.
FQDN
If you selected Dynamic DNS for the remote address, enter the domain name of the remote peer.
Outgoing Interface
If you selected Site to Site for the template type, select the outgoing interface from the drop-down list.
Incoming Interface
If you selected Remote Access for the template type, select the incoming interface from the drop-down list.
Authentication Method
Select Pre-shared Key or Signature:
- Pre-shared Key—Both peers authenticate with the same secret string; the length and character rules are given under the Pre-shared Key field below. Dial-up users must obtain the key from the VPN administrator and add it to their VPN client configuration.
- Signature—Authenticate with certificates: this unit presents one or more of its own certificates, and the peer's certificate is validated against the selected certificate authority.
Pre-shared Key
If you selected Pre-shared Key for the authentication method, enter the pre-shared key that the FortiProxy unit will use to authenticate itself to the remote peer or dial-up client during IKE Phase 1 negotiation. You must configure the same key on the remote peer or client.
The key must contain at least 6 printable characters and at most 128. For optimum protection against currently known attacks, use at least 16 randomly chosen alphanumeric characters: generate the key with a cryptographic random source rather than choosing it by hand, use a separate key for each tunnel, and hand it to the remote administrator out of band rather than in the same channel as the tunnel parameters.
Certificate Name
If you selected Signature for the authentication method, select + and then select one or more certificates that the FortiProxy unit will use to authenticate itself.
Peer Certificate CA
If you selected Signature for the authentication method, select a peer certificate authority.
- Configure the policy and routing settings:
Local Interface
Select the name of the interface through which remote peers or dial-up clients connect to the FortiProxy unit.
Local Subnets
If you selected Site to Site for the template type, enter a local subnet. Select + to enter another local subnet.
Remote Subnets
Enter a remote subnet. Select + to enter another remote subnet.
Internet Access
Select None, Share Local, or Use Remote.
- None—Only traffic between the local and remote subnets is sent over the VPN; each site reaches the Internet through its own connection.
- Share Local—Allow the remote site to use this FortiProxy unit as its Internet gateway, sending its Internet traffic through the tunnel.
- Use Remote—This FortiProxy unit sends its own Internet traffic through the tunnel so that it exits at the remote site.
Shared WAN
If you selected Share Local for Internet access, select the WAN interface.
Local Gateway
If you selected Use Remote for Internet access, enter the local gateway address.
- Select Create.
- Select Add Another to start at the beginning of the IPsec Wizard, or select Show Tunnel List to see the available IPsec tunnels.
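The following Python script is an added example and is not part of FortiProxy or of this page. It checks the Site to Site inputs the wizard asks for (a tunnel name of 15 characters or less, a pre-shared key of 6 to 128 printable characters with 16 or more recommended, a valid remote IP address, well-formed local and remote subnets), generates a pre-shared key from the operating system's cryptographic random source, and prints the phase 1 and phase 2 objects the tunnel consists of. The CLI syntax in render_cli is an assumption modelled on FortiOS's phase1-interface and phase2-interface commands, not something this page states, so compare it with what the wizard actually creates on your release. The tunnel name, interface, addresses and subnets are constructed sample values, and the non-overlap check on local versus remote subnets goes beyond the page: the wizard does not mention it, but an overlap leaves the unit with two routes for the same destinations.

```python
import ipaddress
import secrets
import string
from dataclasses import dataclass

# Limits stated by the wizard.
NAME_MAX = 15              # tunnel name: 15 characters or less
PSK_MIN, PSK_MAX = 6, 128  # pre-shared key: at least 6 printable, limit 128
PSK_RECOMMENDED = 16       # 16 or more randomly chosen alphanumerics
ALNUM = string.ascii_letters + string.digits


def generate_psk(length: int = 32) -> str:
    """Random alphanumeric PSK from the OS CSPRNG (secrets, not random)."""
    if not PSK_RECOMMENDED <= length <= PSK_MAX:
        raise ValueError(f"length must be {PSK_RECOMMENDED}..{PSK_MAX}")
    return "".join(secrets.choice(ALNUM) for _ in range(length))


def check_psk(psk: str) -> list[str]:
    """Return the wizard-rule violations for a candidate PSK; [] means acceptable."""
    problems = []
    if not PSK_MIN <= len(psk) <= PSK_MAX:
        problems.append(f"length {len(psk)} outside {PSK_MIN}..{PSK_MAX}")
    if not psk.isprintable():
        problems.append("contains non-printable characters")
    if len(psk) < PSK_RECOMMENDED:
        problems.append(f"shorter than the recommended {PSK_RECOMMENDED} characters")
    return problems


@dataclass
class SiteToSite:
    """Site to Site wizard inputs for a remote peer given by IP address."""
    name: str
    outgoing_interface: str
    remote_ip: str
    psk: str
    local_subnets: list[str]
    remote_subnets: list[str]


def validate(t: SiteToSite) -> list[str]:
    """Return every problem with the wizard inputs; [] means they are consistent."""
    problems = []
    if not 1 <= len(t.name) <= NAME_MAX:
        problems.append(f"name must be 1..{NAME_MAX} characters")
    problems += check_psk(t.psk)
    try:
        ipaddress.ip_address(t.remote_ip)
        local = [ipaddress.ip_network(s) for s in t.local_subnets]   # strict: no host bits
        remote = [ipaddress.ip_network(s) for s in t.remote_subnets]
    except ValueError as exc:
        return problems + [f"bad address: {exc}"]
    # Not a wizard rule: a local subnet overlapping a remote one gives the unit two
    # routes (directly connected and via the tunnel) for the same destinations.
    problems += [f"local {l} overlaps remote {r}"
                 for l in local for r in remote if l.overlaps(r)]
    return problems


def render_cli(t: SiteToSite) -> str:
    """Render phase 1 and phase 2 objects for the tunnel.

    Assumption: the syntax follows FortiOS phase1-interface/phase2-interface
    commands; it is not taken from this page, so verify it on your release."""
    problems = validate(t)
    if problems:
        raise ValueError("; ".join(problems))
    out = [
        "config vpn ipsec phase1-interface",
        f'    edit "{t.name}"',
        f'        set interface "{t.outgoing_interface}"',
        "        set peertype any",
        f"        set remote-gw {t.remote_ip}",
        f"        set psksecret {t.psk}",
        "    next",
        "end",
        "config vpn ipsec phase2-interface",
    ]
    pairs = [(l, r) for l in t.local_subnets for r in t.remote_subnets]
    for i, (ls, rs) in enumerate(pairs):       # one selector pair per phase 2
        l, r = ipaddress.ip_network(ls), ipaddress.ip_network(rs)
        out += [
            f'    edit "{t.name}_p2_{i}"',     # hypothetical phase 2 naming
            f'        set phase1name "{t.name}"',
            f"        set src-subnet {l.network_address} {l.netmask}",
            f"        set dst-subnet {r.network_address} {r.netmask}",
            "    next",
        ]
    out.append("end")
    return "\n".join(out)


if __name__ == "__main__":
    # Constructed sample values, not from the page.
    tunnel = SiteToSite(
        name="hq-to-branch", outgoing_interface="port1", remote_ip="203.0.113.1",
        psk=generate_psk(), local_subnets=["10.1.0.0/24"],
        remote_subnets=["10.2.0.0/24", "10.3.0.0/24"],
    )
    print(render_cli(tunnel))
```

Running the script prints one phase 2 entry per local/remote subnet pair, which is what a multi-subnet wizard run has to express one way or another; the policies and routes from the policy and routing step are not rendered. Use validate() before pasting anything: a subnet written with host bits set ("10.1.0.1/24") is rejected as a bad address, and an overlap between a local and a remote subnet is reported rather than silently producing a tunnel that never carries the overlapping traffic.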