Skip to main content
jkoay
Staff & Editor
jkoay
Staff & Editor
August 22, 2019

Technical Tip: Remote browsing over IPSec VPN tunnel

  • August 22, 2019
  • 0 replies
  • 26450 views

Description


This article describes how to configure FortiGate to allow remote browsing over IPSec VPN tunnel.

 

Scope

 

FortiGate.

Solution


Remote browsing over IPSec VPN tunnel:

In this example, 2 FortiGates (FortiGate A and FortiGate C) have established a VPN tunnel and local subnet in FortiGate C (10.221.0.0/16) will require to access Internet via VPN_TO_FGTA tunnel.

Configuration in FortiGate C:

 

  1. Create a default route in FortiGate C to make sure all other traffic besides VPN will go through VPN tunnel:

 

 
Another option is to create a policy route for this if you only want to send a specific subnet traffic through IP Sec tunnel and the remaining traffic through local ISP.
 
  1. On VPN phase 2 selectors, create a new selector with a local address pointing to 10.221.0.0/16 and a remote address set to 0.0.0.0/0.0.0.0
 
 
  1. Create a firewall policy for the local subnet to access the internet over a VPN tunnel:
 
 
  1. Set an IP address and remote address on the VPN tunnel, go to Network -> Interfaces.
 
 
Configuration in FortiGate A:
 
  1. Configure phase 2 selectors in the VPN tunnel:

 

 
  1. Create a firewall policy for VPN users to access to Internet:
 
 
  1. Set an IP address and remote address on VPN tunnel, go to Network -> Interfaces.
 
 
Test results in FortiGate A:
 
 
Terms & ConditionsAccessibility statement