Route-based VPN security policies
Define an ACCEPT security policy to permit communications between the source and destination addresses.
1. Go to Policy & Objects > IPv4 Policy and select Create New.
2. Leave the Policy Type as Firewall and leave the Policy Subtype as Address.
3. Enter these settings in particular:
   Incoming Interface: Select the VPN Tunnel (IPsec Interface) you configured in Step “Configure the FortiGate unit” on page 1706.
   Source Address: Select All.
   Outgoing Interface: Select the interface that connects to the private network behind this FortiGate unit.
   Destination Address: Select All.
   Action: Select ACCEPT.
   Enable NAT: Disable.
If you want to allow hosts on the private network to initiate communications with the FortiClient users after the tunnel is established, you need to define a security policy for communication in that direction.
1. Go to Policy & Objects > IPv4 Policy and select Create New.
2. Leave the Policy Type as Firewall and leave the Policy Subtype as Address.
3. Enter these settings in particular:
   Incoming Interface: Select the interface that connects to the private network behind this FortiGate unit.
   Source Address: Select All.
   Outgoing Interface: Select the interface that connects to the private network behind this FortiGate unit.
   Destination Address: Select All.
   Action: Select ACCEPT.
   Enable NAT: Disable.
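The same two route-based policies expressed in the FortiGate CLI, as an added example that is not part of the handbook text. The interface names are assumptions: "FortiClient_VPN" stands for the IPsec tunnel interface created in Step “Configure the FortiGate unit”, and "port2" for the interface connected to the private network. The policy IDs are arbitrary unused IDs. In the second policy the outgoing interface is taken to be the tunnel interface, because that is the direction the text describes (private network toward the FortiClient users).

```text
# Added example, not FortiGate documentation. Assumed names:
#   FortiClient_VPN  IPsec tunnel interface (phase 1 name)
#   port2            interface to the private network behind the FortiGate
config firewall policy
    # Policy 1: FortiClient users -> private network
    edit 10
        set comments "FortiClient users to private network"
        set srcintf "FortiClient_VPN"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
    next
    # Policy 2: private network -> FortiClient users
    # Only needed when hosts on the private network must initiate
    # connections after the tunnel is established.
    edit 11
        set comments "Private network to FortiClient users"
        set srcintf "port2"
        set dstintf "FortiClient_VPN"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
    next
end
```

With NAT disabled on both policies, the private hosts see the real FortiClient source addresses (or their assigned VIPs), which keeps the logs and any downstream ACLs meaningful; `show firewall policy 10` and `show firewall policy 11` display the resulting entries for review.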
Policy-based VPN security policy
Define an IPsec security policy to permit communications between the source and destination addresses.
1. Go to Policy & Objects > IPv4 Policy and select Create New.
2. Enter these settings in particular:
   Incoming Interface: Select the interface that connects to the private network behind this FortiGate unit.
   Source Address: Select the address name that you defined in Step “Configure the FortiGate unit” on page 1706 for the private network behind this FortiGate unit.
   Outgoing Interface: Select the FortiGate unit’s public interface.
   Destination Address: If FortiClient users are assigned VIPs, select the address name that you defined for the VIP subnet. Otherwise, select All.
   VPN Tunnel: Select Use Existing and select the name of the Phase 1 configuration that you created in Step “Configure the FortiGate unit” on page 1706.
   Select Allow traffic to be initiated from the remote site to enable traffic from the remote network to initiate the tunnel.
Place VPN policies in the policy list above any other policies having similar source and destination addresses.
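The policy-based IPsec policy in CLI form, including the ordering step, as an added example that is not part of the handbook text. Assumed names: "port2" is the private-network interface, "port1" the public interface, "LAN_subnet" the address name defined for the private network, "FortiClient_VPN" the Phase 1 name, and policy 5 an existing ordinary policy with similar source and destination addresses that the VPN policy must precede.

```text
# Added example, not FortiGate documentation. Assumed names:
#   port2            interface to the private network
#   port1            public interface
#   LAN_subnet       address object for the private network
#   FortiClient_VPN  Phase 1 configuration name
#   policy 5         an existing non-VPN policy with overlapping addresses
config firewall policy
    edit 20
        set comments "Policy-based IPsec to FortiClient users"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "LAN_subnet"
        # Use the VIP-subnet address name here instead of "all"
        # if FortiClient users are assigned VIPs.
        set dstaddr "all"
        set action ipsec
        set vpntunnel "FortiClient_VPN"
        # "Allow traffic to be initiated from the remote site"
        set inbound enable
        set outbound enable
        set schedule "always"
        set service "ALL"
    next
    # Policies are matched top-down: move the IPsec policy above the
    # ordinary policy with similar addresses so it is not shadowed.
    move 20 before 5
end
```

After the move, `show firewall policy` lists policy 20 ahead of policy 5; if an ordinary ACCEPT policy with the same addresses remains above the IPsec policy, matching traffic is forwarded in the clear instead of entering the tunnel, so the order is worth verifying whenever policies are added later.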