11.03.2015 Views

FortiGate IPSec VPN User Guide - FirewallShop.com


Internet-browsing configuration


Inbound NAT: Enable

Configure other settings as needed.

To create an Internet browsing policy - route-based VPN

1. Go to Firewall > Policy.

2. Select Create New, enter the following information and then select OK:

Source Interface: The IPSec VPN interface.

Source Address Name: All

Destination Interface: The interface that connects to the Internet. The virtual IPSec interface is configured on this physical interface.

Destination Address Name: All

Schedule: As required.

Service: As required.

Action: ACCEPT

NAT: Enable

Protection Profile: Select the protection profile that you want to apply to Internet access.

Configure other settings as needed.

The VPN clients must be configured to route all Internet traffic through the VPN tunnel.

Routing all remote traffic through the VPN tunnel

To make use of the Internet browsing configuration on the VPN server, the VPN peer or client must route all traffic through the VPN tunnel. Usually, only the traffic destined for the private network behind the FortiGate VPN server is sent through the tunnel.

The remote end of the VPN can be a FortiGate unit that acts as a peer in a gateway-to-gateway configuration or a FortiClient Host Security application that protects an individual client such as a notebook PC.

• To configure a remote peer FortiGate unit for Internet browsing via VPN, see “Configuring a FortiGate remote peer to support Internet browsing”.

• To configure a FortiClient Host Security application for Internet browsing via VPN, see “Configuring a FortiClient application to support Internet browsing” on page 82.

These procedures assume that your VPN connection to the protected private network is working and that you have configured the FortiGate VPN server for Internet browsing as described in “Creating an Internet browsing firewall policy” on page 80.
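The difference between the usual setup (only private-network traffic in the tunnel) and routing all traffic through the tunnel can be checked with a longest-prefix-match lookup over the remote client's route table. This is an added example, not part of the guide or of any Fortinet tool; the addresses, the egress names `lan`, `wan` and `tunnel`, and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample values, not taken from the guide.
VPN_SERVER = "203.0.113.10"     # public IP of the FortiGate VPN server
PRIVATE_NET = "10.11.101.0/24"  # protected network behind the VPN server

def build_routes(full_tunnel):
    """Return the remote client's route table as (network, egress) pairs."""
    routes = [
        ("192.168.1.0/24", "lan"),    # client's own local subnet
        (PRIVATE_NET, "tunnel"),      # private network is always reached via the VPN
        (VPN_SERVER + "/32", "wan"),  # encrypted packets themselves leave on the physical link
    ]
    # Usual setup: the default route stays on the physical interface.
    # Internet browsing via VPN: the default route points into the tunnel.
    routes.append(("0.0.0.0/0", "tunnel" if full_tunnel else "wan"))
    return [(ipaddress.ip_network(p), e) for p, e in routes]

def egress(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, e) for net, e in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def leaks(routes, probes):
    """Probe destinations that bypass the tunnel (the VPN server itself is exempt)."""
    return [d for d in probes if d != VPN_SERVER and egress(routes, d) != "tunnel"]

# Constructed probe destinations: one private host, two Internet hosts, the server.
PROBES = ["10.11.101.25", "198.51.100.7", "192.0.2.80", VPN_SERVER]

if __name__ == "__main__":
    for mode in (False, True):
        table = build_routes(mode)
        print("all traffic via tunnel" if mode else "private network only")
        for d in PROBES:
            print(f"  {d:15} -> {egress(table, d)}")
        print("  bypassing tunnel:", leaks(table, PROBES))
```

An empty `leaks` result is what the Internet browsing policy on the VPN server relies on: any destination that still leaves through `wan` never reaches the server's protection profile.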

FortiGate IPSec VPN Version 3.0 User Guide

01-30005-0065-20070716 81
