FortiOS 6.0 VPN: IPsec VPN with FortiClient


In this example, you allow remote users to access the corporate network using an IPsec VPN that they connect to using FortiClient. The remote users’ Internet traffic is also routed through the FortiGate (split tunneling will not be enabled).

1. Adding a firewall address for the local network

To create a new firewall address, go to Policy & Objects > Addresses and select Create New > Address.

Set Category to Address and enter a Name. Set Type to Subnet, Subnet/IP Range to the local subnet, and Interface to lan.

2. Configuring the IPsec VPN using the IPsec VPN Wizard

To create the VPN, go to VPN > IPsec Wizard and create a new tunnel using a pre-existing template.

Name the VPN. Set Template to Remote Access, and set Remote Device Type to FortiClient VPN for OS X, Windows, and Android.

Set the Incoming Interface to wan1 and Authentication Method to Pre-shared Key.

Enter a pre-shared key and select the Employees group.

Set Local Interface to lan and set Local Address to the local network address.

Enter a Client Address Range for VPN users.

Make sure Enable IPv4 Split Tunnel is not selected, so that all Internet traffic will go through the FortiGate.

Select Client Options as desired.

After you create the tunnel, a summary page appears listing the objects which have been added to the FortiGate’s configuration by the wizard.

To view the VPN interface created by the wizard, go to Network > Interfaces.

To view the firewall address created by the wizard, go to Policy & Objects > Addresses.

To view the security policy created by the wizard, go to Policy & Objects > IPv4 Policy.

3. Creating a security policy for access to the Internet

The IPsec wizard automatically created a security policy allowing IPsec VPN users to access the internal network. However, since split tunneling is disabled, another policy must be created to allow users to access the Internet through the FortiGate.

To create a new policy, go to Policy & Objects > IPv4 Policy and select Create New. Set a policy name that identifies what the policy is used for (in the example, IPsec-VPN-Internet).

Set Incoming Interface to the tunnel interface and Outgoing Interface to wan1. Set Source to the IPsec client address range, Destination Address to all, Service to ALL, and enable NAT.

Configure any remaining firewall and security options as desired.

4. Configuring FortiClient

This example uses FortiClient 6.0.0.0067 for Windows.

To add the VPN connection, open FortiClient, go to Remote Access, and Add a new connection.

Set the Type to IPsec VPN and Remote Gateway to the FortiGate IP address.

Set Authentication Method to Pre-Shared Key and enter the key in the field below, using the same pre-shared key that was entered in the IPsec wizard.

5. Results

On FortiClient, select the VPN, enter the username and password, and select Connect.

Once the connection is established, the FortiGate assigns the user an IP address and FortiClient displays the status of the connection, including the IP address, connection duration, and bytes sent and received.

On the FortiGate, go to Monitor > IPsec Monitor and verify that the tunnel Status is Up.

Under Remote Gateway, the monitor shows the FortiClient user’s assigned gateway IP address.
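
Beyond the GUI checks above, a configuration backup can be audited offline to confirm the full-tunnel design from steps 2 and 3 is still in place. The script below is an added example, not part of the original recipe or Fortinet's tooling; the tunnel name FCT-VPN and the sample backup are constructed, the parser splits on whitespace so quoted values containing spaces are not handled, and it assumes split tunneling shows up as ipv4-split-include under the phase1-interface entry.

```python
# Constructed sample backup excerpt; object names and values are made up.
SAMPLE = """
config vpn ipsec phase1-interface
    edit "FCT-VPN"
        set authusrgrp "Employees"
    next
end
config firewall policy
    edit 2
        set name "IPsec-VPN-Internet"
        set srcintf "FCT-VPN"
        set dstintf "wan1"
        set action accept
        set nat enable
    next
end
"""

def parse(text):
    """Return {section: {entry: {key: [values]}}} for top-level config blocks."""
    tables, section, entry, depth = {}, None, None, 0
    for raw in text.splitlines():
        tok = [t.strip('"') for t in raw.split()] or [""]
        if tok[0] == "config":
            depth += 1
            if depth == 1:  # nested config blocks inside an entry are ignored
                section, entry = " ".join(tok[1:]), None
        elif tok[0] == "end":
            depth -= 1
        elif depth == 1 and tok[0] == "edit":
            entry = tables.setdefault(section, {}).setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "set" and entry is not None:
            entry[tok[1]] = tok[2:]
    return tables

def audit(text, tunnel, wan="wan1"):
    """List findings where the config departs from the full-tunnel setup above."""
    cfg = parse(text)
    p1 = cfg.get("vpn ipsec phase1-interface", {}).get(tunnel)
    if p1 is None:
        return [f"no phase1-interface named {tunnel}"]
    out = ["split tunneling enabled (ipv4-split-include set)"] if "ipv4-split-include" in p1 else []
    pols = [p for p in cfg.get("firewall policy", {}).values()
            if tunnel in p.get("srcintf", []) and wan in p.get("dstintf", [])
            and p.get("action") == ["accept"]]
    if not pols:
        out.append(f"no accept policy from {tunnel} to {wan}")
    elif not any(p.get("nat") == ["enable"] for p in pols):
        out.append(f"policy from {tunnel} to {wan} has NAT disabled")
    return out
```

Calling audit(SAMPLE, "FCT-VPN") returns an empty list when the backup matches the recipe; each string in a non-empty result names one setting to review.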
