FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
In FortiOS 5.2.x and 5.0.x, policy-based IPsec is only hidden in the GUI by default; it can still be configured from the CLI, or shown in the GUI by enabling the feature. Once enabled, an IPsec tunnel can be referenced directly from a firewall policy whose action is IPsec, instead of being bound to a virtual tunnel interface as in interface-based (route-based) mode. Interface-based mode is the default and the mode Fortinet recommends for new deployments; policy-based mode is mainly kept for compatibility with existing configurations.
To enable this feature from the CLI (it is disabled by default):

    config system global
        set gui-policy-based-ipsec enable
    end

Typing "set ?" inside "config system global" lists the available options; "end" saves the change.
To enable it from the GUI instead, go to System > Config > Features, click the pencil icon, choose Show More, enable Policy-based IPsec VPN and click Apply to save the change.
Now go to VPN > IPsec, create a new Phase 1 and clear the "IPsec Interface Mode" checkbox (it is selected by default, and selecting it would create an interface-based tunnel instead), then configure the Phase 1 and Phase 2 settings.
Now go to the firewall policy page (Policy & Objects > Policy > IPv4 in 5.2), click Create New, set Action to IPsec, select the tunnel under VPN Tunnel and configure the rest of the policy accordingly.
Fully configured, the policy-based IPsec firewall policy looks like this in the CLI:

    config firewall policy
        edit 2
            set srcintf "internal"
            set dstintf "wan2"
            set srcaddr "all"
            set dstaddr "all"
            set action ipsec
            set schedule "always"
            set service "ALL"
            set inbound enable
            set outbound enable
            set vpntunnel "testTunnel"
        next
    end

"set inbound enable" allows the remote site to initiate traffic through the tunnel (the "Allow traffic to be initiated from the remote site" checkbox in the GUI), and "set outbound enable" allows hosts behind this FortiGate to initiate. "set vpntunnel" binds the policy to the Phase 1 created earlier. Note that with srcaddr and dstaddr set to all and service set to ALL, inbound enable lets any host at the remote site reach any host behind the internal interface on any port; in production, replace all with address objects for the actual local and remote subnets and restrict service to what the tunnel has to carry.
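As an added example, not code from the original article or from Fortinet, the following Python script parses a FortiOS CLI config dump into nested dicts and audits the policy-based IPsec settings described above: it confirms that gui-policy-based-ipsec is enabled, lists every firewall policy whose action is ipsec together with its tunnel, and flags a policy that enables inbound while srcaddr, dstaddr and service are all set to all/ALL. SAMPLE_CONFIG is constructed for the example (the page's policy plus an ordinary accept policy for the checker to ignore); the function names parse_fortios, ipsec_policies and audit_policy_based_ipsec are my own.

```python
import shlex

# Constructed sample config for this example: the policy from the page plus a
# second, ordinary accept policy, so the checker has something to ignore.
SAMPLE_CONFIG = """
config system global
    set gui-policy-based-ipsec enable
end
config firewall policy
    edit 2
        set srcintf "internal"
        set dstintf "wan2"
        set srcaddr "all"
        set dstaddr "all"
        set action ipsec
        set schedule "always"
        set service "ALL"
        set inbound enable
        set outbound enable
        set vpntunnel "testTunnel"
    next
    edit 3
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
"""


def parse_fortios(text):
    """Parse FortiOS CLI text (config/edit/set/unset/next/end) into nested dicts.

    A 'config' block becomes a dict keyed by its path ("firewall policy"),
    each 'edit' becomes a dict keyed by the entry id, and each 'set' stores
    its values as a list, so cfg["firewall policy"]["2"]["action"] == ["ipsec"].
    """
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)  # handles the quoted names FortiOS emits
        cmd, args = tokens[0], tokens[1:]
        top = stack[-1]
        if cmd == "config":
            stack.append(top.setdefault(" ".join(args), {}))
        elif cmd == "edit":
            stack.append(top.setdefault(args[0], {}))
        elif cmd == "set":
            top[args[0]] = args[1:]
        elif cmd == "unset":
            top.pop(args[0], None)
        elif cmd in ("next", "end"):
            stack.pop()
        else:
            raise ValueError("unsupported line: " + line)
    if len(stack) != 1:
        raise ValueError("unbalanced config/edit blocks")
    return root


def ipsec_policies(cfg):
    """Return {policy_id: tunnel_name} for every policy whose action is ipsec."""
    return {
        pid: pol.get("vpntunnel", [None])[0]
        for pid, pol in cfg.get("firewall policy", {}).items()
        if pol.get("action") == ["ipsec"]
    }


def audit_policy_based_ipsec(cfg):
    """Return a list of (severity, policy_id, message) findings."""
    findings = []
    gui = cfg.get("system global", {}).get("gui-policy-based-ipsec", ["disable"])
    if gui != ["enable"]:
        findings.append(("info", None, "gui-policy-based-ipsec is not enabled; "
                         "policy-based tunnels are hidden in the GUI"))
    for pid, pol in cfg.get("firewall policy", {}).items():
        if pol.get("action") != ["ipsec"]:
            continue
        if "vpntunnel" not in pol:
            findings.append(("high", pid, "ipsec policy has no vpntunnel set"))
        wide_open = (pol.get("srcaddr") == ["all"] and pol.get("dstaddr") == ["all"]
                     and pol.get("service") == ["ALL"])
        if wide_open and pol.get("inbound") == ["enable"]:
            findings.append(("warn", pid, "inbound enabled with srcaddr/dstaddr all "
                             "and service ALL: any remote host can reach any local "
                             "host; restrict addresses and services"))
    return findings


if __name__ == "__main__":
    cfg = parse_fortios(SAMPLE_CONFIG)
    print("ipsec policies:", ipsec_policies(cfg))
    for sev, pid, msg in audit_policy_based_ipsec(cfg):
        print(f"[{sev}] policy {pid}: {msg}")
```

Feed it the output of "show full-configuration" (or a backup file) to audit a real unit; the parser only understands the config/edit/set/unset/next/end grammar, so strip any banner or prompt lines first. Because a plain "show" omits defaults, an absent inbound or outbound line is not treated as a finding.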