FortiGate IPSec VPN User Guide - FirewallShop.com
Gateway-to-gateway configurations
Configuration example
2 Select Create New, enter the following information, and select OK:

   Address Name       Enter an address name (for example, HR_Network).
   Subnet/IP Range    Enter the IP address of the private network behind FortiGate_2 (for example, 192.168.22.0/24).

To define the firewall policy for a policy-based VPN

1 Go to Firewall > Policy.
2 Select Create New, enter the following information, and select OK:

   Source Interface/Zone         Port 1
   Source Address Name           Finance_Network
   Destination Interface/Zone    Port 2
   Destination Address Name      HR_Network
   Schedule                      As required.
   Service                       As required.
   Action                        IPSEC
   VPN Tunnel                    FG1toFG2_Tunnel
   Allow Inbound                 Enable
   Allow Outbound                Enable
   Inbound NAT                   Disable

3 Place the policy in the policy list above any other policies having similar source and destination addresses.
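
The ordering rule in step 3 can be checked mechanically against an exported policy list. The Python sketch below is an added example, not part of the Fortinet guide. It assumes policies are evaluated top-down with the first match winning; the Policy record, the Finance_Network subnet (192.168.12.0/24) and the sample lists are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Policy:          # hypothetical record for one exported policy row
    pid: int
    srcintf: str
    dstintf: str
    src: str           # source address as CIDR
    dst: str           # destination address as CIDR
    action: str        # "ACCEPT", "DENY" or "IPSEC"

def _relation(earlier, later):
    """Return 'covers' if earlier contains all of later, 'overlaps' if they
    share some addresses, or None if they are disjoint."""
    a, b = ip_network(earlier), ip_network(later)
    if b.subnet_of(a):
        return "covers"
    return "overlaps" if a.overlaps(b) else None

def shadowed_ipsec(policies):
    """List (ipsec_id, earlier_id, 'full'|'partial') for every IPSEC policy
    that has an earlier policy on the same interface pair matching its traffic."""
    findings = []
    for i, p in enumerate(policies):
        if p.action != "IPSEC":
            continue
        for q in policies[:i]:
            if (q.srcintf, q.dstintf) != (p.srcintf, p.dstintf):
                continue
            s, d = _relation(q.src, p.src), _relation(q.dst, p.dst)
            if s and d:
                kind = "full" if s == d == "covers" else "partial"
                findings.append((p.pid, q.pid, kind))
    return findings

# Constructed sample data; the Finance_Network subnet is an assumption.
FINANCE, HR = "192.168.12.0/24", "192.168.22.0/24"
VPN = Policy(2, "Port 1", "Port 2", FINANCE, HR, "IPSEC")
ANY_ANY = Policy(1, "Port 1", "Port 2", "0.0.0.0/0", "0.0.0.0/0", "ACCEPT")
HALF_DENY = Policy(1, "Port 1", "Port 2", "192.168.12.0/25", HR, "DENY")

BAD_ORDER = [ANY_ANY, VPN]       # tunnel policy never matches
GOOD_ORDER = [VPN, ANY_ANY]      # order required by step 3
PARTIAL = [HALF_DENY, VPN]       # half of Finance_Network never reaches the tunnel

if __name__ == "__main__":
    for name, plist in [("bad", BAD_ORDER), ("good", GOOD_ORDER), ("partial", PARTIAL)]:
        print(name, shadowed_ipsec(plist))
```

A "full" finding means the tunnel policy is never reached, so traffic between the two networks is handled by the earlier policy instead of being sent through FG1toFG2_Tunnel.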

To define firewall policies for a route-based VPN

1 Go to Firewall > Policy.
2 Select Create New, enter the following information, and select OK:

   Source Interface/Zone         Port 1
   Source Address Name           Finance_Network
   Destination Interface/Zone    FG1toFG2_Tunnel
   Destination Address Name      HR_Network
   Schedule                      As required.
   Service                       As required.
   Action                        ACCEPT
   NAT                           Disable

3 Select Create New, enter the following information, and select OK:

   Source Interface/Zone         FG1toFG2_Tunnel
   Source Address Name           HR_Network
   Destination Interface/Zone    Port 1
   Destination Address Name      Finance_Network
   Schedule                      As required.
   Service                       As required.
   Action                        ACCEPT
   NAT                           Disable

FortiGate IPSec VPN Version 3.0 User Guide
01-30005-0065-20070716