Article Id 190601

This article describes how to configure VPN via FortiManager's VPN Manager.

In FortiManager 5.6.0 and later, mixed-mode VPN allows VPNs to be concurrently configured through VPN Manager and on the FortiGate device in Device Manager.

In FortiManager versions prior to 5.6.0, central VPN management must be disabled to configure VPNs in Device Manager.

On the VPN Manager pane, you can configure IPsec VPN settings and install them on multiple devices.

1. Enable VPN Manager

2. Create VPN Community

You may create full-meshed, star, and dial-up IPsec VPN communities.
IPsec VPN communities are also sometimes called VPN topologies.

In this example, we create a Star topology with a hub and a spoke:

Configure Phase 1 and Phase 2 according to your requirements.

3. Create IPsec VPN Gateways

A VPN gateway functions as one end of a VPN tunnel. It receives incoming IPsec packets, decrypts the encapsulated data packets, then passes the data packets to the local network. It also encrypts, encapsulates, and sends the IPsec data packets to the gateway at the other end of the VPN tunnel.

The IP address of a VPN gateway is usually the IP address of the network interface that connects to the Internet.

Create a HUB

Select Managed Gateway for devices managed by FortiManager.

Select External Gateway for devices that are not managed by FortiManager, or that are managed in another ADOM.

Default VPN interface (usually the internet-facing interface):

Create SPOKE

Hub and Spoke created:

Install the VPN configuration using the Install Wizard.

Install to hub:

Install to Spoke:

4. Create Firewall Policies

Firewall policies at hub:


Firewall policies at spoke:


Install the policies.

Tunnel is up:
