FortiOS 5.2 VPN: IPsec VPN with the native Mac OS client

In this recipe, you will learn how to create an IPsec VPN on a FortiGate and connect to it using the default client built into Mac OS.

This VPN configuration allows Mac users to securely access an internal network as well as browse the Internet through the VPN tunnel.

This recipe was tested using Mac OS 10.10.2 (Yosemite).

1. Configuring the IPsec VPN using the IPsec VPN Wizard

Go to VPN > IPSec > Wizard.

Name the VPN connection, select Dial Up – Cisco Firewall, and click Next.

Set the Incoming Interface to the internet-facing interface.

Select Pre-shared Key for the Authentication Method.

Enter a pre-shared key, select the appropriate User Group, then click Next.

Set Local Interface to an internal interface and set Local Address to the local LAN address.

Enter an IP address range for VPN users in the Client Address Range field then click Next.

The IPsec VPN Wizard finishes with a summary of created objects.

Go to Policy & Objects > Objects > Addresses and confirm that the wizard has created the IPsec VPN firewall address range.

Go to Policy & Objects > Policy > IPv4 and confirm that the wizard has created the policy from the VPN tunnel interface to the internal interface.

2. Creating a security policy for remote access to the Internet

Under Policy & Objects > Policy > IPv4, create a security policy allowing remote users to access the Internet securely through the FortiGate unit.

Set Incoming Interface to the tunnel interface and set Source Address to all.

Set Outgoing Interface to the Internet-facing interface and Destination Address to all.

Set Service to ALL and enable NAT.

The policy should appear in the policy list at Policy & Objects > Policy > IPv4.

3. Connecting to the IPsec VPN using the native Mac client

On the Mac, go to System Preferences > Network and click the Plus (+) button.

Set Interface to VPN, set VPN Type to Cisco IPSec, and click Create.

Set the Server Address to the FortiGate IP address, configure the network account details for the remote user, then click Authentication Settings.

Select Shared Secret and enter the pre-shared key you created above, then click OK.

4. Results

On the Mac, ensure that the VPN is selected and click Connect. The Status should change to Connected and you should be given an IP Address in the range specified above.

You should also be able to browse the Internet, protected by whichever profiles you applied to the security policy created in step 2.

On the FortiGate unit, go to VPN > Monitor > IPsec Monitor and verify that the tunnel Status is Up, and that there are Incoming and Outgoing Data.
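
The client-side half of the Results check can be scripted. The following is an added example, not part of the original recipe: it parses `ifconfig` and `route -n get default` output from the Mac and reports whether an interface holds an address inside the Client Address Range and whether the default route leaves through that interface (so Internet traffic goes through the tunnel). The interface name `utun0`, all addresses, and the sample outputs are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample output (not captured from a real host); the interface
# name, addresses and range below are assumptions for illustration.
SAMPLE_IFCONFIG = """\
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tinet 192.168.1.23 netmask 0xffffff00 broadcast 192.168.1.255
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
\tinet 10.10.100.5 --> 10.10.100.5 netmask 0xffffffff
"""
SAMPLE_ROUTE = """\
   route to: default
destination: default
    gateway: 10.10.100.5
  interface: utun0
"""

def interface_addresses(ifconfig_text):
    """Map interface name -> list of IPv4 addresses from `ifconfig` output."""
    addrs, current = {}, None
    for line in ifconfig_text.splitlines():
        head = re.match(r"^(\S+): flags=", line)
        if head:
            current = head.group(1)
            addrs[current] = []
            continue
        inet = re.match(r"^\s+inet (\d+\.\d+\.\d+\.\d+)", line)
        if inet and current:
            addrs[current].append(ipaddress.IPv4Address(inet.group(1)))
    return addrs

def default_interface(route_text):
    """Interface named in `route -n get default` output, or None."""
    m = re.search(r"^\s*interface:\s*(\S+)", route_text, re.MULTILINE)
    return m.group(1) if m else None

def check_vpn(ifconfig_text, route_text, range_start, range_end):
    """Return (tunnel_iface, address_in_range, default_route_via_tunnel)."""
    lo, hi = ipaddress.IPv4Address(range_start), ipaddress.IPv4Address(range_end)
    for iface, ips in interface_addresses(ifconfig_text).items():
        if any(lo <= ip <= hi for ip in ips):
            return iface, True, default_interface(route_text) == iface
    return None, False, False
```

A result of `(iface, True, False)` means the tunnel is up but the default route still points at the local network, so Internet traffic is not passing through the FortiGate policy from step 2.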
