IPSec VPN
Configuring encrypt policies
FortiGate-50 Installation and Configuration Guide
169
Adding a source address
The source address is located within the internal network of the local VPN peer. It can
be a single computer address or the address of a network.
1
Go to
Firewall > Address
.
2
Select an internal interface. (Methods will differ slightly between FortiGate models.)
3
Select New to add an address.
4
Enter the Address Name, IP Address, and NetMask for a single computer or for an
entire subnetwork on an internal interface of the local VPN peer.
5
Select OK to save the source address.
Adding a destination address
The destination address can be a VPN client address on the Internet or the address of
a network behind a remote VPN gateway.
1
Go to
Firewall > Address
.
2
Select an external interface. (Methods will differ slightly between FortiGate models.)
3
Select New to add an address.
4
Enter the Address Name, IP Address, and NetMask for a single computer or for an
entire subnetwork on an internal interface of the remote VPN peer.
5
Select OK to save the source address.
Adding an encrypt policy
1
Go to
Firewall > Policy
.
2
Select the policy list to which you want to add the policy (usually, Int
->
Ext).
3
Select New to add a new policy.
4
Set Source to the source address.
5
Set Destination to the destination address.
6
Set Service to control the services allowed over the VPN connection.
You can select ANY to allow all supported services over the VPN connection or select
a specific service or service group to limit the services allowed over the VPN
connection.
7
Set Action to ENCRYPT.
8
Configure the ENCRYPT parameters.
VPN Tunnel
Select an Auto Key tunnel for this encrypt policy.
Allow inbound
Select Allow inbound to enable inbound users to connect to the source
address.
Allow outbound
Select Allow outbound to enable outbound users to connect to the
destination address.
Summary of Contents for FortiGate FortiGate-50
Page 16: ...16 Fortinet Inc Customer service and technical support Introduction...
Page 32: ...32 Fortinet Inc Next steps Getting started...
Page 40: ...40 Fortinet Inc Completing the configuration NAT Route mode installation...
Page 112: ...112 Fortinet Inc Customizing replacement messages System configuration...
Page 144: ...144 Fortinet Inc Content profiles Firewall configuration...
Page 202: ...202 Fortinet Inc Logging attacks Network Intrusion Detection System NIDS...
Page 216: ...216 Fortinet Inc Exempt URL list Web filtering...
Page 228: ...228 Fortinet Inc Configuring alert email Logging and reporting...
Page 232: ...232 Fortinet Inc Glossary...