Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ymasaki
Staff
Staff

Created on ‎10-30-2019 03:05 AM Edited on ‎01-29-2025 04:04 PM By Staff

Article Id 197667

Technical Tip: Dialup VPN Configuration Between Two FortiGates

Description


This article describes how to configure Dial-up VPN between two FortiGates.

 

Scope

 

FortiGate.

Solution

 

The FortiGate can be configured to have a point-to-multipoint Dial-up VPN.


Here is the Step by Step guide:

Note:

Dial-up Configuration between FortiGate to FortiGate as a Remote Gateway as 'Dial-up User'.

 

Select Site to Site with NAT configuration, the remote site is behind NAT, and then a VPN is automatically created with the Dial-up user.

 

  1. Phase 1 Configuration (Dial-up Server and Client):

 

 
Note:
For versions above v7.2.8, only one DH group should be selected on both Phase 1 and 2 between FortiGate and FortiClient, when configuring IPsec Dial-up in aggressive mode. In the above screenshots, 14 and 5 are checked but need to only select one of them on both sides i.e. FortiGate and FortiClient.
 
  1. Phase 2 Selectors Configuration (Dial-up Server and Client):
 
 
  1. Firewall Policies for VPN:
 
 
  1. Static and Dynamic Routes for Dial-up VPN:
 
 
Note:
IPSec Wizard can also be used to set up a Dial-up VPN between two FortiGates.
 
Related document: 
FortiGate as dialup client
12631
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.