Skip to main content
WeekEnd-Engineer
WeekEnd-Engineer
Explorer
April 6, 2026
Question

Request for Complete Working Configuration – IPsec Client-to-Site FortiGate 1000D – FortiOS 7.4.11

  • April 6, 2026
  • 3 replies
  • 183 views

Hello Fortinet Community,

I am currently working on configuring an IPsec Client-to-Site VPN on a FortiGate 1000D running FortiOS 7.4.11, using FortiClient for remote access. Despite multiple attempts and referencing official documentation, I am facing difficulties achieving a fully functional setup, there are ambiguities especially in the difference between remote access ans custom config, it seems like custom config is a full and manual one.

I would appreciate it if someone could provide a complete, working configuration example, including both FortiGate and FortiClient configurations.

Environment Details

  • Device: FortiGate 1000D
  • Firmware: FortiOS 7.4.11
  • VPN Type: IPsec Client-to-Site ikev2
  • Authentication: Pre-Shared Key (PSK)
  • Client: FortiClient 7.4.3 VPN ONLY (not EMS)

Issues Encountered

  • Tunnel may establish intermittently, but traffic does not pass correctly.
  • I suspect there may be additional routing requirements beyond firewall policies.
  • when i add new tunnels , even the authentification block.

What I Am Looking For

A complete and validated configuration, ideally including:

1. FortiGate Configuration

  • Phase 1 (IKE) settings
  • Phase 2 (IPsec) settings
  • Mode-config (IP pool, DNS, etc.)
  • Firewall policies (VPN → LAN, LAN → VPN if needed)
  • Static routes (if required)
  • Any additional required settings (e.g., NAT, central SNAT, etc.)

2. FortiClient Configuration

  • Step-by-step configuration
  • Screenshots of:
    • Remote Gateway settings
    • Authentication 
    • Advanced settings 
  • Any known pitfalls or required options

3. Traffic Flow Explanation

  • How routing is handled
  • Whether explicit static routes are required for the VPN subnet
  • Clarification on how FortiGate handles return traffic

Goal

To obtain a clean, production-ready reference configuration that ensures stable tunnel establishment.

If anyone has a working lab or production example (especially with FortiOS 7.4.x), your input would be extremely valuable.

Thank you in advance for your support.

3 replies

Jean-Philippe_P
Staff & Editor
Jean-Philippe_P
Staff & Editor
April 9, 2026

Hello WeekEnd-Engineer, 

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible. 

Jean-Philippe - Fortinet Community Team
Jean-Philippe_P
Staff & Editor
Jean-Philippe_P
Staff & Editor
April 10, 2026

Hello,

 

We are still looking for an answer to your question.

 

We will come back to you ASAP.

Jean-Philippe - Fortinet Community Team
hpenmetsa
Staff
hpenmetsa
Staff
April 22, 2026

Hi, could you please review the following Fortinet KB on configuring remote access VPN and let me know if it is helpful?

 

    Terms & ConditionsAccessibility statement