T2K
Visitor III
November 22, 2022
Question

How to create a firewall policy in policy-based IPsec.


Hi,

I set up a site-to-site VPN with policy-based IPsec.

In this case, I can create an outbound policy (aka internal to WAN with action IPsec), but not an inbound policy (from VPN to internal).

I know that if I check "Allow traffic to be initiated from the remote site", reverse sessions are allowed.

But I only need an inbound policy.

How do I do this?


FW: FortiGate 40F

OS ver: 7.2.2


Regards,

3 replies

jintrah_FTNT
Staff
November 23, 2022

Hi,


In the VPN policy from internal to WAN, just keep inbound enabled and outbound disabled. This will only allow traffic initiated from the peer site.


config firewall policy
    edit <>
        set action ipsec
        set inbound enable
        set outbound disable
        set vpntunnel <  >
    next
end


Best regards,

Jin

T2K (Author)
Visitor III
November 24, 2022

Hi, Jin.


Thank you for your reply.


I'm considering the following situation.
In this case, how should I configure it?

image.png


I know that route-based IPsec can do that because the FortiGate creates a tunnel interface.


Regards,
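As an added example (not part of this thread or of Fortinet's documentation), here are both approaches discussed above written out in FortiOS CLI: the policy-based policy from Jin's reply with address objects filled in, so that only remote-initiated sessions are allowed, and the route-based alternative, where the tunnel interface can be used as the incoming interface of an ordinary accept policy. Interface names, address objects, subnets and the tunnel name "S2S-TUNNEL" are assumptions; the phase1/phase2 definitions are not shown.

```fortios
# Option A: policy-based IPsec. One policy internal -> wan1 with action ipsec;
# "inbound enable" + "outbound disable" permits only sessions started by the peer.
# All names and subnets below are assumed placeholders.
config firewall address
    edit "LOCAL_LAN"
        set subnet 192.168.1.0 255.255.255.0
    next
    edit "REMOTE_LAN"
        set subnet 192.168.2.0 255.255.255.0
    next
end
config firewall policy
    edit 0
        set name "S2S-remote-initiated-only"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "LOCAL_LAN"
        set dstaddr "REMOTE_LAN"
        set action ipsec
        set schedule "always"
        set service "ALL"
        set vpntunnel "S2S-TUNNEL"
        set inbound enable
        set outbound disable
    next
end

# Option B: route-based IPsec. A phase1-interface named "S2S-TUNNEL" (assumed,
# defined separately) is a tunnel interface, so a plain accept policy can be
# written from it; with no matching internal -> tunnel policy, local hosts
# cannot open sessions towards the remote site.
config router static
    edit 0
        set dst 192.168.2.0 255.255.255.0
        set device "S2S-TUNNEL"
    next
end
config firewall policy
    edit 0
        set name "S2S-inbound-only"
        set srcintf "S2S-TUNNEL"
        set dstintf "internal"
        set srcaddr "REMOTE_LAN"
        set dstaddr "LOCAL_LAN"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```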


T2K (Author)
Visitor III
December 13, 2022

Does anyone know?

RachelGomez123
New Member
December 13, 2022

To configure a firewall:

  • Go to Network Security > Firewall.
  • Select [IPv4 Policy | IPv6 Policy].
  • Click Add to display the configuration editor.
  • Complete the configuration as described in Table 66.
  • Save the configuration.
  • Reorder rules, as necessary.

Regards,

Rachel Gomez

T2K (Author)
Visitor III
December 14, 2022

Thank you for your reply.


I can't see the tunnel interface in "Incoming Interface" with a policy-based VPN.

I can only create a policy from inside to outside (to use action VPN).

This does not fulfill my request.


Regards,