Fortinet 100A User Manual

Page 267


VPN

IPSec configuration procedures

FortiGate-100A Administration Guide

01-28007-0068-20041203

267

2 In the Address Name field, type a name that represents the local network, server(s), or host(s) from which IP packets may originate on the private network behind the local FortiGate unit.

3 In the IP Range/Subnet field, type the corresponding IP address and subnet mask (for example, 172.16.5.0/24 for a subnet, or 172.16.5.1/32 for a server or host) or IP address range (for example, 192.168.10.[80-100]).

4 Select OK.

To define an IP destination address

1 Go to Firewall > Address and select Create New.

2 In the Address Name field, type a name that represents the remote network, server(s), or host(s) to which IP packets may be delivered.

3 In the IP Range/Subnet field, type the corresponding IP address and subnet mask (for example, 192.168.20.0/24 for a subnet, or 192.168.20.2/32 for a server or host), or IP address range (for example, 192.168.20.[10-25]).

4 Select OK.

To define the firewall encryption policy

1 Go to Firewall > Policy and select Create New.

2 Include appropriate entries as follows:

Interface/Zone
    Source: Select the local interface to the internal (private) network.
    Destination: Select the local interface to the external (public) network.

Address Name
    Source: Select the name that corresponds to the local network, server(s), or host(s) from which IP packets may originate.
    Destination: Select the name that corresponds to the remote network, server(s), or host(s) to which IP packets may be delivered. The name may correspond to a VIP-address range for dialup clients.

Schedule
    Keep the default setting (always) unless changes are needed to meet specific requirements.

Service
    Keep the default setting (ANY) unless changes are needed to meet your specific requirements.

Action
    Select ENCRYPT.

VPN Tunnel
    Select the name of the phase 2 tunnel configuration to which this policy will apply.
    Select Allow inbound if traffic from the remote network will be allowed to initiate the tunnel.
    Select Allow outbound if traffic from the local network will be allowed to initiate the tunnel.
    Select Inbound NAT to translate the source IP addresses of inbound decrypted packets into the IP address of the FortiGate internal interface.
    Select Outbound NAT to translate the source address of outbound encrypted packets into the IP address of the FortiGate public interface.
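As an added example (not part of the guide or of FortiGate), a small Python checker that parses the three address forms the IP Range/Subnet field accepts above (a subnet, a /32 host, or a last-octet range such as 192.168.10.[80-100]) and flags a source/destination pair whose address spaces overlap, which an encryption policy cannot route unambiguously. The function names and the overlap rule are my own assumptions, not a FortiGate feature.

```python
import ipaddress
import re

# FortiGate "IP address range" form from the procedure, e.g. 192.168.10.[80-100]
_RANGE_RE = re.compile(r"^(\d{1,3}\.\d{1,3}\.\d{1,3})\.\[(\d{1,3})-(\d{1,3})\]$")


def parse_address(text):
    """Return (first, last) IPv4Address bounds for one address entry.

    Accepts a subnet ("172.16.5.0/24"), a single host ("172.16.5.1/32")
    or a last-octet range ("192.168.10.[80-100]"). Raises ValueError
    on anything else.
    """
    text = text.strip()
    m = _RANGE_RE.match(text)
    if m:
        prefix, lo, hi = m.group(1), int(m.group(2)), int(m.group(3))
        if not (0 <= lo <= hi <= 255):
            raise ValueError(f"bad range bounds in {text!r}")
        return (ipaddress.IPv4Address(f"{prefix}.{lo}"),
                ipaddress.IPv4Address(f"{prefix}.{hi}"))
    # strict=False tolerates host bits set in the subnet form, like the GUI
    net = ipaddress.IPv4Network(text, strict=False)
    return (net.network_address, net.broadcast_address)


def is_valid_address(text):
    """True if the entry is one of the accepted forms (assumed helper)."""
    try:
        parse_address(text)
        return True
    except ValueError:
        return False


def overlaps(a, b):
    """True if two (first, last) bounds share at least one address."""
    return a[0] <= b[1] and b[0] <= a[1]


def check_policy_addresses(source, destination):
    """Return findings for a source/destination pair; empty means usable."""
    findings = []
    src, dst = parse_address(source), parse_address(destination)
    if overlaps(src, dst):
        findings.append("source and destination address spaces overlap; "
                        "the ENCRYPT policy cannot route traffic unambiguously")
    return findings
```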
