fortigate-ipsec-40-mr3
fortigate-ipsec-40-mr3
fortigate-ipsec-40-mr3
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
FortiClient VPN<br />
IPsec VPN in the web-based manager<br />
Use the FortiClient VPN configuration settings when configuring an IPsec VPN for<br />
FortiClient. When configuring a FortiClient VPN connection, the settings for phase 1 and<br />
phase 2 settings are automatically configured by the FortiGate unit. They are set to:<br />
Remote Gateway — Dialup User<br />
Mode — Aggressive<br />
IPSec Interface Mode — Enabled<br />
Default settings for P1 and P2 Proposal<br />
XAUTH Enable as Server (Auto)<br />
IKE mode-config will be enabled<br />
Peer Option — "Accept any peer ID"<br />
The remainder of the settings use the current FortiGate defaults. Note that FortiClient<br />
settings need to match these FortiGate defaults.<br />
If you need to configure advanced settings for the FortiClient VPN, select Edit on the Auto<br />
Key (IKE) page (Go to VPN > IPsec > Auto Key (IKE)) and configure the peer options or<br />
advanced options.<br />
New FortiClient VPN page<br />
Name Enter a name for the FortiClient VPN.<br />
Local Outgoing Select the local outgoing interface for the VPN.<br />
Interface<br />
Authentication Select the type of authentication used when logging in to the VPN.<br />
Method<br />
Preshared Key<br />
User Group<br />
Address Range<br />
Start IP<br />
Address Range<br />
End IP<br />
If Pre-shared Key was selected in Authentication Method, enter the<br />
pre-shared key in the field provided.<br />
Select a user group. You can also create a user group from the<br />
drop-down list by selecting Create New.<br />
Enter the start IP address for the DHCP address range for the<br />
client.<br />
Enter the end IP address for the address range.<br />
Subnet Mask Enter the subnet mask.<br />
Enable IPv4 Split<br />
Tunnel<br />
DNS Server<br />
Enabled by default, this option enables the FortiClient user to use<br />
the VPN to access internal resources while other Internet access is<br />
not sent over the VPN, alleviating potential traffic bottlenecks in the<br />
VPN connection. Disable this option to have all traffic sent through<br />
the VPN tunnel.<br />
Select which DNS server to use for this VPN:<br />
Use System DNS — Use the same DNS servers as the FortiGate<br />
unit. These are configured at System > Interface > DNS. This is<br />
the default option.<br />
Specify — Specify the IP address of a different DNS server.<br />
IPsec VPNs for FortiOS 4.0 MR3<br />
34 01-434-112804-20120111<br />
http://docs.fortinet.com/