FortiGate IPSec VPN User Guide - FirewallShop.com
Hub-and-spoke configurations
Configure the hub

NAT                          Enable.
Protection profile           If you want to apply a protection profile to this traffic, select the appropriate profile.

2 Select OK.

Using firewall policies as a concentrator

To enable communication between two spokes, you need to define an ACCEPT firewall policy for them. To allow either spoke to initiate communication, you must create a policy for each direction. This procedure describes a firewall policy for communication from Spoke 1 to Spoke 2. Others are similar.

1 Define names for the addresses or address ranges of the private networks behind each spoke. For more information, see “Defining firewall addresses” on page 149.

2 Go to Firewall > Policy. Select Create New and enter these settings in particular:

Source Interface/Zone        Select the IPSec interface that connects to Spoke 1.
Source Address Name          Select the address of the private network behind Spoke 1.
Destination Interface/Zone   Select the IPSec interface that connects to Spoke 2.
Destination Address Name     Select the address of the private network behind Spoke 2.
Action                       Select ACCEPT.
NAT                          Enable.
Protection profile           If you want to apply a protection profile to this traffic, select the appropriate profile.

3 Select OK.
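
As an added example (not part of the FortiGate guide), the following Python script audits a policy table against the rule stated above: each direction between each pair of spokes needs its own ACCEPT policy. It generalizes the two-spoke case to any number of spokes. The spoke, interface and address names and the policy rows are constructed sample data, and the dictionary keys are hypothetical names for the fields listed in step 2.

```python
from itertools import permutations

# Constructed sample data; spoke, interface and address names are hypothetical.
SPOKES = {
    "Spoke1": {"interface": "toSpoke1", "address": "Spoke1_net"},
    "Spoke2": {"interface": "toSpoke2", "address": "Spoke2_net"},
    "Spoke3": {"interface": "toSpoke3", "address": "Spoke3_net"},
}
# Each row mirrors the fields entered under Firewall > Policy (key names are hypothetical).
POLICIES = [
    {"src_intf": "toSpoke1", "src_addr": "Spoke1_net",
     "dst_intf": "toSpoke2", "dst_addr": "Spoke2_net", "action": "ACCEPT"},
    {"src_intf": "toSpoke2", "src_addr": "Spoke2_net",
     "dst_intf": "toSpoke1", "dst_addr": "Spoke1_net", "action": "ACCEPT"},
    {"src_intf": "toSpoke1", "src_addr": "Spoke1_net",
     "dst_intf": "toSpoke3", "dst_addr": "Spoke3_net", "action": "ACCEPT"},
    # Source address belongs to Spoke 1, so this row does not cover Spoke 3 -> Spoke 2.
    {"src_intf": "toSpoke3", "src_addr": "Spoke1_net",
     "dst_intf": "toSpoke2", "dst_addr": "Spoke2_net", "action": "ACCEPT"},
]

def policy_covers(policy, src, dst):
    """True if the row is an ACCEPT policy from spoke src to spoke dst."""
    return (policy["action"] == "ACCEPT"
            and policy["src_intf"] == src["interface"]
            and policy["src_addr"] == src["address"]
            and policy["dst_intf"] == dst["interface"]
            and policy["dst_addr"] == dst["address"])

def missing_directions(spokes, policies):
    """Ordered (source, destination) spoke pairs with no matching ACCEPT policy."""
    return [(a, b) for a, b in permutations(sorted(spokes), 2)
            if not any(policy_covers(p, spokes[a], spokes[b]) for p in policies)]

def unmatched_policies(spokes, policies):
    """Indexes of rows that permit no intended spoke-to-spoke direction."""
    pairs = list(permutations(sorted(spokes), 2))
    return [i for i, p in enumerate(policies)
            if not any(policy_covers(p, spokes[a], spokes[b]) for a, b in pairs)]

if __name__ == "__main__":
    print("Missing directions:", missing_directions(SPOKES, POLICIES))
    print("Rows to review:", unmatched_policies(SPOKES, POLICIES))
```

A row reported by `unmatched_policies` pairs an interface with an address that does not belong to the spoke behind it, which is worth reviewing before relying on the policy set.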

FortiGate IPSec VPN Version 3.0 User Guide
01-30005-0065-20070716 39