Internet browsing configuration
IPSec VPN
FortiGate Version 4.0 Administration Guide
544
01-400-89802-20090424
Internet browsing configuration
By using appropriate firewall policies, you can enable VPN users to browse the Internet through the FortiGate unit. The required policies are different for policy-based and route-based VPNs. For more information, see “Configuring firewall policies” on page 323.
To create a policy-based VPN Internet browsing configuration

1. Go to Firewall > Policy.
2. Select Create New and enter the following information.

   Source Interface/Zone        Select the FortiGate unit public interface.
   Source Address Name          Select All.
   Destination Interface/Zone   Select the FortiGate unit public interface.
   Destination Address Name     Select the remote network address name.
   Action                       Select IPSEC.
   VPN Tunnel                   Select the tunnel that provides access to the
                                private network behind the FortiGate unit.
   Inbound NAT                  Select the check box.

3. Configure other settings as required.
4. Select OK.

To configure a route-based VPN Internet browsing configuration

1. Go to Firewall > Policy.
2. Select Create New and enter the following information.

   Source Interface/Zone        Select the IPSec interface.
   Source Address Name          Select All.
   Destination Interface/Zone   Select the FortiGate unit public interface.
   Destination Address Name     Select All.
   Action                       Select ACCEPT.
   NAT                          Select the check box.

3. Configure other settings as required.
4. Select OK.

Concentrator

In a hub-and-spoke configuration, policy-based VPN connections to a number of remote peers radiate from a single, central FortiGate unit. Site-to-site connections between the remote peers do not exist; however, you can establish VPN tunnels between any two of the remote peers through the FortiGate unit “hub”.

In a hub-and-spoke network, all VPN tunnels terminate at the hub. The peers that connect to the hub are known as “spokes”. The hub functions as a concentrator on the network, managing all VPN connections between the spokes. VPN traffic passes from one tunnel to the other through the hub.

You define a concentrator to include spokes in the hub-and-spoke configuration.
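The two Internet browsing policies on this page (policy-based and route-based) can be checked in a configuration backup. The following is an added example, not part of the Administration Guide: it parses a `config firewall policy` block and lists the settings that differ from the guide's tables. The CLI keywords (srcintf, dstintf, srcaddr, dstaddr, action, vpntunnel, natinbound, nat) are assumed to be the CLI equivalents of the web-based manager fields, and every name in the sample is constructed.

```python
import re

# Constructed sample backup: "wan1", "to_branch", "vpn_hub" and "branch_net" are
# placeholders; the CLI keywords are assumed equivalents of the GUI fields.
SAMPLE = '''
config firewall policy
    edit 10
        set srcintf "wan1"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "branch_net"
        set action ipsec
        set vpntunnel "vpn_hub"
        set natinbound enable
    next
    edit 11
        set srcintf "to_branch"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
    next
end
'''

def parse_policies(text):
    """Return {policy_id: {keyword: value}} from a 'config firewall policy' block."""
    policies, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r'edit (\d+)$', line):
            current = policies.setdefault(int(m.group(1)), {})
        elif line == 'next':
            current = None
        elif current is not None and (m := re.match(r'set (\S+) (.+)$', line)):
            current[m.group(1)] = m.group(2).strip('"')
    return policies

def browsing_gaps(policy, public_if, ipsec_if=None):
    """List settings that differ from the guide's Internet browsing tables."""
    if policy.get('action') == 'ipsec':      # policy-based VPN table
        want = {'srcintf': public_if, 'dstintf': public_if, 'srcaddr': 'all',
                'natinbound': 'enable'}
    else:                                    # route-based VPN table
        want = {'srcintf': ipsec_if, 'dstintf': public_if, 'srcaddr': 'all',
                'dstaddr': 'all', 'action': 'accept', 'nat': 'enable'}
    gaps = [k for k, v in want.items() if policy.get(k) != v]
    if policy.get('action') == 'ipsec' and not policy.get('vpntunnel'):
        gaps.append('vpntunnel')
    return gaps
```

In the sample, policy 10 matches the policy-based table, while policy 11 is reported with `nat` missing because the NAT check box from the route-based table is not set.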