Configuring Internet Browsing Through A Vpn Tunnel - Fortinet FortiGate FortiGate-500 Administration Manual

Fortinet FortiGate FortiGate-500: User Guide

Internet browsing through a VPN tunnel

Configuring Internet browsing through a VPN tunnel

Note: To support Internet browsing through a VPN, the remote VPN client must be configured to
deny split tunnelling.
Configure Internet browsing through a VPN tunnel by selecting advanced settings in an
IPSec Phase 2 configuration. For Internet browsing, select the interface through
which remote VPN users can connect through the firewall to the Internet. The Internet
browsing interface becomes the virtual source interface from which VPN users can
browse the Internet.
In most configurations, the Internet browsing interface would be the internal interface
and VPN users would be able to browse the Internet using the same firewall policies
as users on the internal network (for example, internal -> external policies).
You can also create dedicated firewall policies just for VPN users. One way to do this
is to designate a virtual source interface just for VPN users. The virtual source
interface could be a physical interface or a VLAN sub-interface. You can add a VLAN
sub-interface just for this purpose.
In the IPSec VPN Phase 2 configuration, set Internet browsing to the virtual source
interface. Then create Internet access policies for VPN users. For example, if the
virtual source interface is VLAN_21, and the external interface is connected to the
Internet, you would need to create VLAN_21 -> external firewall policies.
To configure Internet browsing through a VPN tunnel
1. Go to VPN > IPSec > Phase 1.
2. Add a phase 1 configuration to define the parameters used to authenticate the remote
   VPN peer. See "Phase 1" on page 250.
3. Go to VPN > IPSec > Phase 2.
4. Add the phase 2 configuration to define the parameters used to create and maintain
   the AutoKey VPN tunnel. See "Phase 2" on page 254.
5. Select Advanced.
6. If the remote gateway corresponds to a dialup user and the client broadcasts a DHCP
   request for an IP address, select DHCP-IPsec. See "System DHCP" on page 73.
7. Set Internet browsing to the interface through which you want users to connect to the
   Internet (usually the internal interface).
8. Set Internet browsing to the interface through which you want users to connect to the
   Internet (for example, the port 1 interface).
9. Go to Firewall > Policy.
10. Add the required IPSec VPN encryption policy. See "Adding firewall policies for IPSec
    VPN tunnels" on page 284.
11. If required, add additional firewall policies to support Internet browsing.
12. Configure the remote VPN clients to deny split tunneling.

01-28006-0007-20041105 Fortinet Inc.
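One way to verify the last step from the client side is to check that Internet-bound traffic leaves through the tunnel interface. The sketch below is an added example, not part of the Fortinet manual: it assumes a Linux client, route tables in `ip -4 route show` format, a tunnel interface named `tun0`, and constructed sample data using documentation address ranges.

```python
import ipaddress

# Constructed sample outputs of `ip -4 route show` on a Linux VPN client.
# Interface names and addresses are assumptions (documentation ranges).
SPLIT_ROUTES = """\
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.20.0.0/16 dev tun0 scope link
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50 metric 100
"""
FULL_ROUTES = """\
default dev tun0 scope link metric 50
default via 192.168.1.1 dev eth0 proto dhcp metric 100
203.0.113.1 via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50 metric 100
"""
PROBES = ["198.51.100.7", "203.0.113.200"]  # stand-ins for Internet hosts

def parse_routes(text):
    """Parse route lines into (network, device, metric) tuples."""
    routes = []
    for line in text.strip().splitlines():
        tok = line.split()
        if not tok or "dev" not in tok:
            continue  # route types without an egress device (e.g. unreachable)
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # first token is not a destination prefix
        dev = tok[tok.index("dev") + 1]
        metric = int(tok[tok.index("metric") + 1]) if "metric" in tok else 0
        routes.append((net, dev, metric))
    return routes

def egress_interface(routes, destination):
    """Longest-prefix match, lowest metric as tie-breaker; None if no route."""
    addr = ipaddress.ip_address(destination)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return None
    return min(hits, key=lambda r: (-r[0].prefixlen, r[2]))[1]

def split_tunnel_leaks(route_text, tunnel_if, probes):
    """Map each probe that would bypass the tunnel to its egress interface."""
    routes = parse_routes(route_text)
    chosen = {p: egress_interface(routes, p) for p in probes}
    return {p: dev for p, dev in chosen.items() if dev != tunnel_if}
```

An empty result from `split_tunnel_leaks(FULL_ROUTES, "tun0", PROBES)` means every probed Internet destination leaves through the tunnel; the host route to the VPN gateway itself (203.0.113.1 in the sample) is expected to stay on the physical interface.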
