Technical Note: How to configure IPSec transport mode on a FortiGate
IPSec VPN may be implemented in tunnel mode (the default mode on the FortiGate) or, since FortiOS 4.0MR2, in transport mode.
Tunnel mode is mostly used for Gateway-to-Gateway connections, as well as to connect proprietary VPN clients to a VPN gateway (like FortiClient, Cisco VPN Client, CheckPoint SecureClient, etc.).
Transport mode may be used between end-stations supporting IPSec, or between an end-station and a gateway.
Scope
FortiOS 4.0MR2 and above
Solution
The configuration is available only from the CLI:

    config vpn ipsec phase2
        edit <PHASE2_NAME_HERE>
            set encapsulation transport-mode
    end

The other settings are similar to a regular tunnel mode configuration.
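Because the setting exists only in the CLI, a configuration backup is the practical place to review which phase 2 entries run in transport mode. The following script is an added example, not Fortinet code: it parses the "config vpn ipsec phase2" section of a backup and reports the encapsulation of each entry. It assumes the backup omits settings left at their default, so an entry without a "set encapsulation" line is reported as tunnel mode; the sample configuration and its names are constructed.

```python
import re

# Constructed sample of a FortiGate configuration backup (not from a real device).
SAMPLE_CONFIG = '''\
config vpn ipsec phase1
    edit "to-branch"
    next
end
config vpn ipsec phase2
    edit "branch-p2"
        set phase1name "to-branch"
    next
    edit "host-p2"
        set phase1name "to-host"
        set encapsulation transport-mode
    next
end
'''

def phase2_encapsulation(config_text):
    """Return {phase2 entry name: encapsulation} for 'config vpn ipsec phase2'."""
    modes, in_section, depth, current = {}, False, 0, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = (line == "config vpn ipsec phase2")
            continue
        if line.startswith("config "):
            depth += 1                      # nested table inside an entry
        elif line == "end":
            if depth == 0:
                in_section = False          # end of the phase2 section
            else:
                depth -= 1
        elif depth == 0:
            m = re.match(r'edit\s+"?([^"]+)"?$', line)
            if m:
                current = m.group(1)
                # Assumption: no explicit line means the default (tunnel mode).
                modes[current] = "tunnel (default)"
            elif line == "next":
                current = None
            elif current and line.startswith("set encapsulation "):
                modes[current] = line.split()[2]
    return modes

if __name__ == "__main__":
    for name, mode in phase2_encapsulation(SAMPLE_CONFIG).items():
        print(f"{name}: {mode}")
```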
