Adding a source address – Fortinet FortiGate 4000 User Manual

Page 250


Fortinet Inc.

Configuring encrypt policies

IPSec VPN

In addition to defining membership in the VPN by address, you can configure the
encrypt policy for services such as DNS, FTP, and POP3, and to allow connections
according to a predefined schedule (by the time of the day or the day of the week,
month, or year). You can also configure the encrypt policy for:

• Inbound NAT to translate the source of incoming packets.

• Outbound NAT to translate the source address of outgoing packets.

• Traffic shaping to control the bandwidth available to the VPN and the priority of the VPN.

• Content profiles to apply antivirus protection, web filtering, and email filtering to web, file transfer, and email services in the VPN.

• Logging so that the FortiGate unit logs all connections that use the VPN.

The policy must also include the VPN tunnel that you created to communicate with the
remote FortiGate VPN gateway. When users on your internal network attempt to
connect to the network behind the remote VPN gateway, the encrypt policy intercepts
the connection attempt and starts the VPN tunnel added to the policy. The tunnel uses
the remote gateway added to its configuration to connect to the remote VPN gateway.
When the remote VPN gateway receives the connection attempt, it checks its own
policy, gateway, and tunnel configuration. If the configuration is allowed, an IPSec
VPN tunnel is negotiated between the two VPN peers.

Adding a source address

Adding a destination address

Adding an encrypt policy

Adding a source address

The source address is located within the internal network of the local VPN peer. It can
be a single computer address or the address of a network.

To add a source address

1. Go to Firewall > Address.

2. Select an internal interface.

3. Select New to add an address.

4. Enter the Address Name, IP Address, and NetMask for a single computer or for an entire subnetwork on an internal interface of the local VPN peer.

5. Select OK to save the source address.

Note: The destination address can be a VPN client address on the Internet or the address of a
network behind a remote VPN gateway.
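The following is an added example, not Fortinet's code and not part of the manual: it models the address object from step 4 (name, IP address, netmask) and checks the two properties the text relies on, that the source lies inside the local peer's internal network and that it does not overlap the network behind the remote gateway, which would make the encrypt policy match traffic in both directions. The subnet values are constructed for illustration.

```python
import ipaddress

# Constructed sample values (not from the manual): the subnet on the local
# peer's internal interface and the network behind the remote VPN gateway.
INTERNAL_INTERFACE_SUBNET = "192.168.10.0/24"
REMOTE_NETWORK = "10.20.0.0/16"


def build_source_address(name, ip, netmask):
    """Build the address object that step 4 asks for.

    A single computer (netmask 255.255.255.255) or an entire subnetwork is
    accepted.  Host bits under the mask are cleared (strict=False) so that
    "192.168.10.7 / 255.255.255.0" describes the /24 network, which is how
    a firewall address with a non-host netmask is interpreted.
    """
    network = ipaddress.IPv4Network(f"{ip}/{netmask}", strict=False)
    return {"name": name, "network": network}


def check_source_address(addr, internal_subnet=INTERNAL_INTERFACE_SUBNET,
                         remote_network=REMOTE_NETWORK):
    """Return a list of problems with a source address object (empty if OK).

    The source address must be located within the internal network of the
    local VPN peer.  A source that also overlaps the remote network would be
    matched by the encrypt policy in both directions, so that is flagged too.
    """
    internal = ipaddress.IPv4Network(internal_subnet)
    remote = ipaddress.IPv4Network(remote_network)
    net = addr["network"]
    problems = []
    if not net.subnet_of(internal):
        problems.append(f"{addr['name']}: {net} is not inside internal subnet {internal}")
    if net.overlaps(remote):
        problems.append(f"{addr['name']}: {net} overlaps remote network {remote}")
    return problems


if __name__ == "__main__":
    for args in (("Host_A", "192.168.10.5", "255.255.255.255"),
                 ("Internal_LAN", "192.168.10.7", "255.255.255.0"),
                 ("Wrong_Side", "10.20.1.0", "255.255.255.0")):
        obj = build_source_address(*args)
        print(obj["name"], obj["network"], check_source_address(obj) or "OK")
```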
