fortigate-ipsec-40-mr3
fortigate-ipsec-40-mr3
fortigate-ipsec-40-mr3
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Internet-browsing configuration Routing all remote traffic through the VPN tunnel<br />
To create an Internet browsing policy - route-based VPN<br />
1 Go to Policy > Policy > Policy.<br />
2 Select Create New, enter the following information and then select OK:<br />
Source Interface The IPsec VPN interface.<br />
Source Address Name All<br />
Destination Interface<br />
The interface that connects to the Internet. The virtual<br />
IPsec interface is configured on this physical<br />
interface.<br />
Destination Address Name All<br />
Schedule As required.<br />
Service As required.<br />
Action ACCEPT<br />
NAT Enable<br />
UTM<br />
Select the UTM features that you want to apply to<br />
Internet access.<br />
The VPN clients must be configured to route all Internet traffic through the VPN tunnel.<br />
Routing all remote traffic through the VPN tunnel<br />
To make use of the Internet browsing configuration on the VPN server, the VPN peer or<br />
client must route all traffic through the VPN tunnel. Usually, only the traffic destined for<br />
the private network behind the FortiGate VPN server is sent through the tunnel.<br />
The remote end of the VPN can be a FortiGate unit that acts as a peer in a gateway-togateway<br />
configuration or a FortiClient Endpoint Security application that protects an<br />
individual client such as a notebook PC.<br />
To configure a remote peer FortiGate unit for Internet browsing via VPN, see<br />
“Configuring a FortiGate remote peer to support Internet browsing”.<br />
To configure a FortiClient Endpoint Security application for Internet browsing via VPN,<br />
see “Configuring a FortiClient application to support Internet browsing” on page 150.<br />
These procedures assume that your VPN connection to the protected private network is<br />
working and that you have configured the FortiGate VPN server for Internet browsing as<br />
described in “Creating an Internet browsing security policy” on page 148.<br />
Configuring a FortiGate remote peer to support Internet browsing<br />
The configuration changes to send all traffic through the VPN differ for policy-based and<br />
route-based VPNs.<br />
To route all traffic through a policy-based VPN<br />
1 At the FortiGate dialup client, go to Policy > Policy > Policy.<br />
2 Select the IPsec security policy and then select Edit.<br />
3 From the Destination Address list, select all.<br />
4 Select OK.<br />
All packets are routed through the VPN tunnel, not just packets destined for the<br />
protected private network.<br />
FortiOS Handbook v3: IPsec VPNs<br />
01-434-112804-20120111 149<br />
http://docs.fortinet.com/