Configuring the FortiGate unit as a VPN policy server
When a FortiClient application set to automatic configuration connects to the FortiGate unit, the FortiGate unit requests a user name and password. If the user supplies valid credentials, the FortiGate unit downloads the VPN settings to the FortiClient application.
You must do the following to configure the FortiGate unit to work as a VPN policy server for FortiClient automatic configuration:
1. Create user accounts for FortiClient users.
2. Create a user group for FortiClient users and add the user accounts that you created in step 1.
3. Connect to the FortiGate unit CLI and configure VPN policy distribution as follows:
config vpn ipsec forticlient
    edit <policy_name>
        set phase2name <tunnel_name>
        set usergroupname <group_name>
        set status enable
end
<tunnel_name> must be the Name you specified in step 2 of Configure the FortiGate unit on page 1706. <group_name> must be the name of the user group you created for FortiClient users.
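The following is an added example, not part of the original documentation: a Python check that parses a configuration export and verifies that each policy distribution entry names a defined phase 2 tunnel and user group and is enabled. The sample configuration, its names, and the lookup of phase2name in both phase 2 tables are assumptions; the parser handles flat config/edit/set blocks only.

```python
import shlex

# Constructed sample (not from a real device); usergroupname is misspelled on purpose.
SAMPLE = """
config user group
    edit "FortiClient_users"
    next
end
config vpn ipsec phase2-interface
    edit "fc_dialup_p2"
    next
end
config vpn ipsec forticlient
    edit "fc_policy"
        set phase2name "fc_dialup_p2"
        set usergroupname "FortiClient_user"
        set status enable
    next
end
"""

def parse(text):
    """Parse flat config/edit/set blocks into {section: {entry: {key: [values]}}}."""
    cfg, section, entry = {}, None, None
    for line in text.splitlines():
        tok = shlex.split(line) or [""]
        if tok[0] == "config":
            section = cfg.setdefault(" ".join(tok[1:]), {})
        elif tok[0] == "edit" and section is not None and len(tok) > 1:
            entry = section.setdefault(tok[1], {})
        elif tok[0] == "set" and entry is not None and len(tok) > 1:
            entry[tok[1]] = tok[2:]
        elif tok[0] in ("next", "end"):
            entry = None
    return cfg

def check_policy_distribution(cfg):
    # Assumption: phase2name may name an entry in either phase 2 table.
    tunnels = {**cfg.get("vpn ipsec phase2", {}), **cfg.get("vpn ipsec phase2-interface", {})}
    findings = []
    for name, s in cfg.get("vpn ipsec forticlient", {}).items():
        p2, grp = (" ".join(s.get(k, [])) for k in ("phase2name", "usergroupname"))
        if p2 not in tunnels:
            findings.append(f"{name}: phase2name '{p2}' is not a defined tunnel")
        if grp not in cfg.get("user group", {}):
            findings.append(f"{name}: usergroupname '{grp}' is not a defined group")
        if s.get("status") != ["enable"]:
            findings.append(f"{name}: status is not enable")
    return findings
```

Calling check_policy_distribution(parse(SAMPLE)) reports the misspelled group name; an empty list means every entry is consistent.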
Configuring DHCP services on a FortiGate interface
If the FortiClient dialup clients are configured to obtain a VIP address using DHCP, configure the FortiGate dialup server to either:
- Relay DHCP requests to a DHCP server behind the FortiGate unit (see To configure DHCP relay on a FortiGate interface on page 1709 below).
- Act as a DHCP server (see To configure a DHCP server on a FortiGate interface on page 1709).
Note that DHCP services are typically configured during the interface creation stage, but you can return to an interface to modify DHCP settings if need be.
To configure DHCP relay on a FortiGate interface
1. Go to Network > Interfaces and select the interface that you want to relay DHCP.
2. Under DHCP Server, select Enable and create a new DHCP Address Range and Netmask.
3. Open the Advanced... menu and select Relay for the Mode option.
4. For the Type, select IPsec.
5. Select OK.
To configure a DHCP server on a FortiGate interface
1. Go to Network > Interfaces and select the interface that you want to act as a DHCP server.
2. Under DHCP Server, select Enable and create a new DHCP Address Range and Netmask.
3. For Default Gateway, enter the IP address of the default gateway that the DHCP server assigns to DHCP clients.
4. For DNS Server, select Same as System DNS. If you want to use a different DNS server for VPN clients, select Specify and enter an IP address in the available field.
5. Open the Advanced... menu and select Server for the Mode option.
6. For the Type, select IPsec.
7. Select OK.