Adding Firewall Policies For Ipsec Vpn Tunnels - Fortinet FortiGate FortiGate-1000A Administration Manual
Fortinet fortigate fortigate-1000a: user guide
Hide thumbs
Also See for FortiGate FortiGate-1000A:
- Install manual (58 pages) ,
- Quick start manual (2 pages) ,
- Administration manual (458 pages)
Table of Contents
Advertisement
VPN configuration procedures
284
Adding firewall policies for IPSec VPN tunnels
Firewall policies control all IP traffic passing between a source address and a
destination address. A firewall encryption policy is needed to allow the transmission of
encrypted packets, specify the permitted direction of VPN traffic, and select the VPN
tunnel that will be subject to the policy. A single encryption policy is needed to control
both inbound and outbound IP traffic through a VPN tunnel.
Before you define the policy, you must first specify the IP source and destination
addresses.
To define an IP source address
1
Go to Firewall > Address and select Create New.
2
In the Address Name field, type a name that represents the local network, server(s),
or host(s) from which IP packets may originate on the private network behind the local
FortiGate unit.
3
In the IP Range/Subnet field, type the corresponding IP address and subnet mask (for
example, 172.16.5.0/24 for a subnet, or 172.16.5.1/32 for a server or host) or
IP address range (for example, 192.168.10.[80-100]).
4
Select OK.
To define an IP destination address
1
Go to Firewall > Address and select Create New.
2
In the Address Name field, type a name that represents the remote network, server(s),
or host(s) to which IP packets may be delivered.
3
In the IP Range/Subnet field, type the corresponding IP address and subnet mask (for
example, 192.168.20.0/24 for a subnet, or 192.168.20.2/32 for a server or
host), or IP address range (for example, 192.168.20.[10-25]).
4
Select OK.
To define the firewall encryption policy
1
Go to Firewall > Policy and select Create New.
2
Include appropriate entries as follows:
Source
Destination
Schedule
Service
Interface/Zone
Select the local interface to the internal (private) network.
Address Name
Select the name that corresponds to the local network, server(s), or
host(s) from which IP packets may originate.
Interface/Zone
Select the local interface to the external (public) network.
Address Name
Select the name that corresponds to the remote network, server(s), or
host(s) to which IP packets may be delivered. The name may correspond
to a VIP-address range for dialup clients.
Keep the default setting (always) unless changes are needed to meet
specific requirements.
Keep the default setting (ANY) unless changes are needed to meet your
specific requirements.
01-28011-0254-20051115
VPN
Fortinet Inc.
Advertisement
Table of Contents
