Configuring the IPsec VPN

  1. Go to VPN > IPsec Wizard and create a new tunnel.
  2. Name the VPN. The tunnel name cannot include spaces or exceed 13 characters.

    Set Template Type to Remote Access.

    Set Remote Device Type to FortiClient VPN for OS X, Windows, and Android.

  3. Set the Incoming Interface to wan1.

    Set Authentication Method to Pre-shared Key.

    Enter a pre-shared key. This pre-shared key is a credential for the VPN and should differ from the user password.

    For User Group, select Employees.

  4. Set Local Interface to lan.

    Set Local Address to the local network address.

    Enter a Client Address Range for VPN users.

    Ensure Enable IPv4 Split Tunnel is not enabled so that all Internet traffic goes through the FortiGate. Otherwise, traffic not intended for the corporate network will not flow through the FortiGate or be subject to the corporate security profiles.

  5. Select Client Options.

  6. After you create the tunnel, a summary page lists the objects that have been added to the FortiGate’s configuration.

  7. To view the VPN interface created by the wizard, go to Network > Interfaces and expand the wan1 interface.

  8. To view the firewall address created by the wizard, go to Policy & Objects > Addresses.

  9. To view the security policy created by the wizard, go to Policy & Objects > IPv4 Policy.
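
The settings chosen in the steps above can also be checked afterwards against a configuration backup. The Python script below is an added example, not part of the original cookbook or Fortinet's own tooling. It assumes the wizard's tunnel appears under `config vpn ipsec phase1-interface` and that an enabled split tunnel shows up there as an `ipv4-split-include` setting; the sample configuration and tunnel names are constructed.

```python
import re

# Constructed excerpt of a FortiOS config backup (not from the cookbook).
# Assumption: wizard tunnels live under "config vpn ipsec phase1-interface"
# and an enabled split tunnel appears as an "ipv4-split-include" setting.
SAMPLE_CONFIG = '''
config vpn ipsec phase1-interface
    edit "RemoteVPN"
        set interface "wan1"
        set mode-cfg enable
        set authusrgrp "Employees"
    next
    edit "SplitVPN"
        set interface "wan1"
        set authusrgrp "Employees"
        set ipv4-split-include "SplitVPN_split"
    next
end
'''

def parse_phase1(text):
    """Return {tunnel_name: {setting: value}}; assumes no nested config blocks."""
    tunnels, current, inside = {}, None, False
    for line in map(str.strip, text.splitlines()):
        if line == "config vpn ipsec phase1-interface":
            inside = True
        elif line == "end":
            inside = False
        elif inside and (m := re.match(r'edit "?([^"]+)"?$', line)):
            current = tunnels.setdefault(m.group(1), {})
        elif inside and current is not None and (m := re.match(r"set (\S+) (.+)$", line)):
            current[m.group(1)] = m.group(2).strip('"')
    return tunnels

def audit(tunnels, group="Employees", interface="wan1"):
    """Map each tunnel to the settings that differ from the steps above."""
    findings = {}
    for name, cfg in tunnels.items():
        checks = [
            (" " in name or len(name) > 13, "name has spaces or exceeds 13 characters"),
            (cfg.get("interface") != interface, f"incoming interface is not {interface}"),
            (cfg.get("authusrgrp") != group, f"user group is not {group}"),
            ("ipv4-split-include" in cfg, "IPv4 split tunnel is enabled"),
        ]
        findings[name] = [msg for failed, msg in checks if failed]
    return findings

if __name__ == "__main__":
    print(audit(parse_phase1(SAMPLE_CONFIG)))
```

An empty list for a tunnel means it matches the interface, user group, naming, and full-tunnel choices made in the wizard.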
