Description
Solution
On the VPN Manager pane, you can configure IPsec VPN settings that you can install on multiple devices.
1. Enable VPN Manager


2. Create VPN Community
You may create full-meshed, star, and dial-up IPsec VPN communities.
IPsec VPN communities are also sometimes called VPN topologies.
In this example, we create a Star topology with a hub and a spoke:

Configure Phase 1 and Phase 2 according to your requirements.


3. Create IPsec VPN Gateways
A VPN gateway functions as one end of a VPN tunnel. It receives incoming IPsec packets, decrypts the encapsulated data packets, then passes the data packets to the local network. It also encrypts, encapsulates, and sends the IPsec data packets to the gateway at the other end of the VPN tunnel.
The IP address of a VPN gateway is usually the IP address of the network interface that connects to the Internet.
Create a HUB
Select Managed Gateway for devices managed by FortiManager.
Select External Gateway for devices that are not managed by FortiManager, or that are managed in another ADOM.



Default VPN interface (usually the internet-facing interface):



Create SPOKE





Hub and Spoke created:

Install the VPN configuration using the Install Wizard
Install to hub:




Install to Spoke:



4. Create Firewall Policies
Firewall policies at hub:

Firewall policies at spoke:

Install the policies.
Tunnel is up:

This article describes how to configure VPN via FortiManager's VPN Manager.
In FortiManager 5.6.0 and later, mixed-mode VPN allows VPNs to be concurrently configured through VPN Manager and on the FortiGate device in Device Manager.
In FortiManager versions prior to 5.6.0, central VPN management must be disabled to configure VPNs in Device Manager.
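One way to check that the Phase 1 and Phase 2 settings installed on the hub and spoke match your requirements, as an added example that is not part of the original article or of Fortinet's tooling: it parses `config vpn ipsec phase1-interface` and `phase2-interface` blocks in FortiOS CLI syntax and flags proposals and DH groups on a deny list. The sample configuration, the tunnel names and the deny list itself are assumptions made for the example.

```python
import re
# Constructed sample in FortiOS CLI syntax; tunnel names and values are made up.
SAMPLE_CONFIG = '''
config vpn ipsec phase1-interface
    edit "hub_to_spoke"
        set proposal aes256-sha256 3des-sha1
        set dhgrp 14 5
    next
end
config vpn ipsec phase2-interface
    edit "hub_to_spoke_p2"
        set proposal aes256-sha256
    next
end
'''

# Assumed requirements for this example; replace with your own policy.
WEAK_TOKENS = ("des", "3des", "md5", "null")
WEAK_DH_GROUPS = {"1", "2", "5"}

def parse_ipsec(config_text):
    """Return {(section, tunnel_name): {setting: [values]}} for phase1/phase2 blocks."""
    tunnels, section, name = {}, None, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r"config vpn ipsec (phase[12]-interface)$", line)
        if m:
            section = m.group(1)
        elif line == "end":  # nested config blocks inside an entry are not handled
            section = name = None
        elif section and line.startswith("edit "):
            name = line[5:].strip('"')
            tunnels[(section, name)] = {}
        elif section and name and line.startswith("set "):
            key, *values = line[4:].split()
            tunnels[(section, name)][key] = [v.strip('"') for v in values]
    return tunnels

def audit(config_text):
    """List (section, tunnel, setting, value) for every value on the deny list."""
    findings = []
    for (section, name), settings in parse_ipsec(config_text).items():
        for prop in settings.get("proposal", []):
            if any(tok in prop.split("-") for tok in WEAK_TOKENS):
                findings.append((section, name, "proposal", prop))
        for grp in settings.get("dhgrp", []):
            if grp in WEAK_DH_GROUPS:
                findings.append((section, name, "dhgrp", grp))
    return findings
```

Run `audit()` over the configuration text of each gateway after the install; an empty list means nothing on the deny list was pushed.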