Scribd
Upload
332 views

IPsec VPN With FortiClient

This document provides instructions for configuring an IPsec VPN using FortiClient to provide remote users with secure access to an internal network through a FortiGate unit. The steps include: 1) Creating a user group for remote users; 2) Adding a firewall address for the local network; 3) Configuring the IPsec VPN using the IPsec VPN Wizard; 4) Creating a security policy for access to the Internet; 5) Configuring FortiClient; and 6) Verifying the results including an active tunnel status and traffic flowing through the tunnel.

Uploaded by

mgr71835505
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
332 views

IPsec VPN With FortiClient

This document provides instructions for configuring an IPsec VPN using FortiClient to provide remote users with secure access to an internal network through a FortiGate unit. The steps include: 1) Creating a user group for remote users; 2) Adding a firewall address for the local network; 3) Configuring the IPsec VPN using the IPsec VPN Wizard; 4) Creating a security policy for access to the Internet; 5) Configuring FortiClient; and 6) Verifying the results including an active tunnel status and traffic flowing through the tunnel.

Uploaded by

mgr71835505
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 6

Connecting to a FortiGate IPsec VPN using

FortiClient
This recipe uses the IPsec VPN Wizard to provide a group of remote users with secure,
encrypted access to the corporate network. The tunnel provides group members with
access to the internal network, but forces them through the FortiGate unit when accessing
the Internet.
When the tunnel is configured, you will connect using the FortiClient application.
1. Creating a user group for remote users
2. Adding a firewall address for the local network
3. Configuring IPsec VPN using the IPsec VPN Wizard
4. Creating a security policy for access to the Internet
5. Configuring FortiClient
6. Results

WAN 1
172.20.120.123
FortiGate
Local LAN
10.10.111.1-10.10.111.254

Internal Network

Internet

IPsec
FortiClient
Remote User

1. Creating a user group for remote users


Go to User & Device > User > User
Definition.
Create a new Local User with the
User Creation Wizard.
Proceed through each step of
the wizard, carefully entering the
appropriate information.

Go to User & Device > User > User


Groups.
Create a user group for remote users
and add the user you created.

2. Adding a firewall address for the local network


Go to Policy & Objects > Objects >
Addresses.
Add a firewall address for the Local
LAN, including the subnet and local
interface.

3. Configuring the IPsec VPN using the IPsec VPN Wizard


Go to VPN > IPSec > Wizard.
Name the VPN connection and select
Dial Up - FortiClient (Windows,
Mac OS, Android) and click Next.
The tunnel name must not have
any spaces in it.

Set the Incoming Interface to the


internet-facing interface.
Select Pre-shared Key for the
Authentication Method.
Enter a pre-shared key and select
the ipsecvpn user group, then click
Next.
The pre-shared key is a credential
for the VPN and should differ from
the users password.

Set Local Interface to an internal


interface (in the example, port 1) and
set Local Address to the local LAN
address.
Enter an IP range for VPN users in the
Client Address Range field.
The IP range you enter here
prompts FortiOS to create a
new firewall object for the VPN
tunnel using the name of your
tunnel followed by the _range
suffix (in this case, FortiClient
VPN_range).
In addition, FortiOS automatically
creates a security policy to allow
remote users to access the
internal network.

Click Next and select Client Options


as desired.

4. Creating a security policy for access to the Internet


Go to Policy & Objects > Policy >
IPv4.
Create a security policy allowing
remote users to access the Internet
securely through the FortiGate unit.
Set Incoming Interface to the tunnel
interface and set Source Address to
all.
Set Outgoing Interface to wan1
and Destination Address to all.
Set Service to all and ensure that
you enable NAT.

5. Configuring FortiClient
Open FortiClient, go to Remote
Access and Add a new
connection.

Provide a Connection Name and set


the Type to IPsec VPN.
Set Remote Gateway to the
FortiGate IP address.
Set Authentication Method to
Pre-Shared Key and enter the key
below.
Click OK.

Select the new connection, enter the


username and password, and click
Connect.

6. Results
Once the connection is established,
the FortiGate assigns the user an IP
address and FortiClient displays the
status of the connection, including the
IP address, connection duration, and
bytes sent and received.

On the FortiGate unit, go to VPN >


Monitor > IPsec Monitor and verify
that the tunnel Status is Up.
Go to Log & Report > Traffic Log >
Forward Traffic to view the traffic.
Verify that the Sent/Received
column displays traffic successfully
flowing through the tunnel.
Select an entry to view more
information.

You might also like