Adding a destination address, Adding an encrypt policy – Fortinet FortiGate 4000 User Manual
Page 251
IPSec VPN
Configuring encrypt policies
FortiGate-4000 Installation and Configuration Guide
251
Adding a destination address
The destination address can be a VPN client address on the Internet or the address of
a network behind a remote VPN gateway.
To add a destination address
1
Go to Firewall > Address.
2
Select an external interface.
3
Select New to add an address.
4
Enter the Address Name, IP Address, and NetMask for a single computer or for an
entire subnetwork on an internal interface of the remote VPN peer.
5
Select OK to save the destination address.
Adding an encrypt policy
To add an encrypt policy
1
Go to Firewall > Policy.
2
Select the policy list that you want to add the policy to (usually, Internal->External).
3
Select New to add a new policy.
4
Set Source to the source address.
5
Set Destination to the destination address.
6
Set Service to control the services allowed over the VPN connection.
You can select ANY to allow all supported services over the VPN connection or select
a specific service or service group to limit the services allowed over the VPN
connection.
7
Set Action to ENCRYPT.
8
Configure the ENCRYPT parameters.