FortiGate IPSec VPN User Guide - FirewallShop.com

More documents

Recommendations

Info

Creating an Internet browsing firewall policy Internet-browsing configuration You can adapt any of the following configurations to provide secure Internet browsing: • a gateway-to-gateway configuration (see “Gateway-to-gateway configurations” on page 19) • a FortiClient dialup-client configuration (see “FortiClient dialup-client configurations” on page 55) • a FortiGate dialup-client configuration (see “FortiGate dialup-client configurations” on page 71) The procedures in this section assume that one of these configurations is in place, and that it is operating properly. To create an internet-browsing configuration based on an existing gateway-togateway configuration, you must edit the gateway-to-gateway configuration as follows: • On the FortiGate unit that will provide Internet access, create an Internet browsing firewall policy. See “Creating an Internet browsing firewall policy”, below. • Configure the remote peer or client to route all traffic through the VPN tunnel. You can do this on a FortiGate unit or on a FortiClient Host Security application. See “Routing all remote traffic through the VPN tunnel” on page 81. Creating an Internet browsing firewall policy On the FortiGate unit that acts as a VPN server and will provide secure access to the Internet, you must create an Internet browsing firewall policy. This policy differs depending on whether your gateway-to-gateway configuration is policybased or route-based. To create an Internet browsing policy - policy-based VPN 1 Go to Firewall > Policy. 2 Select Create New, enter the following information and then select OK: Source Interface Source Address Name Destination Interface Destination Address Name Schedule Service Action VPN Tunnel Protection Profile Allow Inbound Allow Outbound The interface to which the VPN tunnel is bound. The address of the remote FortiGate gateway. The interface to which the VPN tunnel is bound. (Same as Source Address). All As required. As required. IPSEC Select the tunnel that provides access to the private network behind the FortiGate unit. Select the protection profile that you want to apply to Internet access. Enable Enable FortiGate IPSec VPN Version 3.0 User Guide 80 01-30005-0065-20070716
Internet-browsing configuration Routing all remote traffic through the VPN tunnel Inbound NAT Enable Configure other settings as needed. To create an Internet browsing policy - route-based VPN 1 Go to Firewall > Policy. 2 Select Create New, enter the following information and then select OK: Source Interface Source Address Name Destination Interface Destination Address Name Schedule Service Action NAT Protection Profile The IPSec VPN interface. All The interface that connects to the Internet. The virtual IPSec interface is configured on this physical interface. All As required. As required. ACCEPT Enable Configure other settings as needed. Select the protection profile that you want to apply to Internet access. The VPN clients must be configured to route all Internet traffic through the VPN tunnel. Routing all remote traffic through the VPN tunnel To make use of the Internet browsing configuration on the VPN server, the VPN peer or client must route all traffic through the VPN tunnel. Usually, only the traffic destined for the private network behind the FortiGate VPN server is sent through the tunnel. The remote end of the VPN can be a FortiGate unit that acts as a peer in a gateway-to-gateway configuration or a FortiClient Host Security application that protects an individual client such as a notebook PC. • To configure a remote peer FortiGate unit for Internet browsing via VPN, see “Configuring a FortiGate remote peer to support Internet browsing”. • To configure a FortiClient Host Security application for Internet browsing via VPN, see “Configuring a FortiClient application to support Internet browsing” on page 82. These procedures assume that your VPN connection to the protected private network is working and that you have configured the FortiGate VPN server for Internet browsing as described in “Creating an Internet browsing firewall policy” on page 80. FortiGate IPSec VPN Version 3.0 User Guide 01-30005-0065-20070716 81
Page 1 and 2:
USER GUIDE FortiGate IPSec VPN Vers
Page 3 and 4:
Contents Contents Introduction ....
Page 5 and 6:
Contents Adding XAuth authenticatio
Page 7 and 8:
Contents Defining IKE negotiation p
Page 9 and 10:
Introduction About FortiGate IPSec
Page 11 and 12:
Introduction About this document
Page 13 and 14:
Introduction Fortinet documentation
Page 15 and 16:
Configuring IPSec VPNs IPSec VPN ov
Page 17 and 18:
Configuring IPSec VPNs General prep
Page 19 and 20:
Gateway-to-gateway configurations C
Page 21 and 22:
Gateway-to-gateway configurations G
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30: Gateway-to-gateway configurations H
Page 31 and 32: Gateway-to-gateway configurations H
Page 33 and 34: Hub-and-spoke configurations Config
Page 43 and 44: Hub-and-spoke configurations Dynami
Page 49 and 50: Dynamic DNS configurations Configur
Page 55 and 56: FortiClient dialup-client configura
Page 71 and 72: FortiGate dialup-client configurati
Page 79: Internet-browsing configuration Con
Page 83 and 84: Redundant VPN configurations Config
Page 85 and 86: Redundant VPN configurations Config
Page 87 and 88: Redundant VPN configurations Redund
Page 99 and 100: Redundant VPN configurations Partia
Page 105 and 106: Transparent mode VPNs Configuration
Page 107 and 108: Transparent mode VPNs Configuration
Page 109 and 110: Transparent mode VPNs Configure the
Page 111 and 112: Manual-key configurations Configura
Page 113 and 114: Manual-key configurations Specify t
Page 115 and 116: IPv6 IPSec VPNs Overview of IPv6 IP
Page 117 and 118: IPv6 IPSec VPNs Site-to-site IPv6 o
Page 127 and 128: Auto Key phase 1 parameters Overvie
Page 129 and 130: Auto Key phase 1 parameters Authent
Page 131 and 132:
Auto Key phase 1 parameters Authent
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
Auto Key phase 1 parameters Definin
Page 139 and 140:
Auto Key phase 1 parameters Definin
Page 141 and 142:
Auto Key phase 1 parameters Using X
Page 143 and 144:
Phase 2 parameters Basic phase 2 se
Page 145:
Phase 2 parameters Advanced phase 2
Page 148 and 149:
Configure the phase 2 parameters Ph
Page 150 and 151:
Defining firewall policies Defining
Page 152 and 153:
Page 154 and 155:
Page 156 and 157:
Monitoring VPN connections Monitori
Page 158 and 159:
Logging VPN events Monitoring and t
Page 160 and 161:
VPN troubleshooting tips Monitoring
Page 162 and 163:
Index Encryption Algorithm, Manual
Page 164 and 165:
Index remote peer authenticating wi
Page 166:
www.fortinet.com
show all

FortiGate IPSec VPN User Guide - FirewallShop.com

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?