HS08
Visitor III
August 26, 2025
Question

VPN Dialup Access List

  • August 26, 2025
  • 1 reply
  • 906 views

How can we create an access list to limit which IP addresses can connect to the VPN dial-up?

1 reply

Toshi_Esumi
SuperUser
August 26, 2025

Use local-in policy. Service "IKE" covers both UDP 500 and 4500.
https://docs.fortinet.com/document/fortigate/7.6.3/administration-guide/363127/local-in-policy

<edit> Almost forgot to mention, local-in policy config in GUI started with 7.6.x. If you're running 7.4.x or below, you need to use CLI. </edit>

Toshi

HS08
HS08 (Author)
Visitor III
August 26, 2025

I tried to make a local-in policy, but there is no tunnel dial-up interface and not even the interface of my internet (port1).

Toshi_Esumi
SuperUser
August 26, 2025

No. The local-in policy works outside of the tunnel. You just need to apply it to the physical incoming interface, port1. Are you using 7.6 GUI or CLI?
If you're using SD-WAN, you might need to use "virtual-wan-link" zone name instead.

Toshi
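The CLI version of what Toshi describes in both replies (local-in policy on the physical ingress interface, matching the predefined "IKE" service, with the SD-WAN zone variant), written out as an added example; it is not from the thread or from Fortinet's documentation. The interface name port1 comes from the thread, while the address object name and the 203.0.113.0/24 source range are constructed placeholders to replace with the real allowed dial-up client addresses.

```fortios
# Added example: restrict IKE (UDP 500/4500) to the FortiGate on port1
# to a list of allowed source addresses using a local-in policy.
# Address object name and subnet below are constructed placeholders.

config firewall address
    edit "vpn-dialup-allowed-src"
        # Constructed example range: the public addresses your
        # dial-up clients connect from (documentation prefix used here).
        set subnet 203.0.113.0 255.255.255.0
    next
end

config firewall local-in-policy
    # Rule 1: allow IKE from the approved source list.
    # "IKE" is the predefined service covering UDP 500 and 4500,
    # so NAT-T clients are matched by the same rule.
    edit 1
        set intf "port1"
        set srcaddr "vpn-dialup-allowed-src"
        set dstaddr "all"
        set action accept
        set service "IKE"
        set schedule "always"
    next
    # Rule 2: deny IKE from everyone else on port1.
    # Local-in policies are evaluated top-down and unmatched traffic
    # falls through to the interface's normal behaviour, so this
    # explicit deny is what actually blocks other sources.
    edit 2
        set intf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action deny
        set service "IKE"
        set schedule "always"
    next
end

# SD-WAN variant (as noted in the reply): when port1 is an SD-WAN member,
# bind the rules to the zone name instead of the physical port.
# config firewall local-in-policy
#     edit 1
#         set intf "virtual-wan-link"
#         ...
#     next
# end
```

The policy sits on port1, not on the dial-up tunnel interface, because the tunnel does not exist until IKE has already been accepted; that is why the tunnel interface is absent from the local-in policy interface list. Because the deny rule only covers the "IKE" service, administrative access to port1 is unaffected, but verify from an address inside the allowed range before relying on the rule in production, and check the FortiGate's event logs for IKE drops from unexpected sources once it is in place.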