sjoshi
Staff
Article Id 409756
Description

 

This article describes how to create, manage, and push FortiGate IPsec VPN configurations using FortiManager, enabling centralized provisioning and simplified deployment of VPN tunnels across multiple devices.

 

Scope

 

FortiGate, FortiManager.

 

Solution

 

In this example, the FortiGate is managed by FortiManager and the configuration is in sync.

 


 

If the IPsec VPN configuration is performed locally on the FortiGate after it is managed by FortiManager, the configuration status will show as out of sync, which is not recommended. The best practice is to push the VPN configuration directly from FortiManager to the FortiGate.

 

  • To create an IPsec VPN template in FortiManager, follow these steps:
    Go to Device Manager -> Provisioning Templates -> IPsec Tunnel Templates.

 


 

IPsec VPN templates in FortiManager follow the same setup procedure as the FortiGate GUI. All parameters available in the FortiGate CLI can also be configured in the FortiManager IPsec template GUI by expanding the advanced options.

 

Select OK to save the settings. The IPsec VPN template is now created and can be assigned to target devices.

 

  • The provisioning template can then be assigned to the device.

 


 

  • To install the VPN configuration, select Install Wizard:

 


 

  • Select Device Settings only:

 


 

  • Select the target device to which the configuration will be pushed.

 


 

  • It is recommended to always review the installation preview, as it provides a clear view of the exact configuration that will be pushed.

Once the installation completes, it will show as Installed successfully.
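
The installation preview is FortiOS CLI text, so part of the review recommended above can be automated. The following Python script is an added example, not part of the original article or a Fortinet tool: it scans saved preview text for weak IPsec proposals and DH groups, and both the weak-algorithm lists and the sample preview are assumptions constructed for illustration.

```python
import re

# Assumed local policy for this example (not Fortinet guidance).
WEAK_ALGOS = {"des", "3des", "md5", "sha1", "null"}
WEAK_DH_GROUPS = {1, 2, 5}

# Constructed preview text in FortiOS CLI syntax (not taken from the article).
SAMPLE_PREVIEW = '''
config vpn ipsec phase1-interface
    edit "branch-vpn"
        set interface "wan1"
        set ike-version 2
        set proposal aes256-sha256 3des-sha1
        set dhgrp 14 5
        set remote-gw 203.0.113.10
    next
end
config vpn ipsec phase2-interface
    edit "branch-vpn-p2"
        set phase1name "branch-vpn"
        set proposal aes256-sha256
        set dhgrp 14
    next
end
'''

def audit_preview(text):
    """Return (table, entry, finding) tuples for weak IPsec settings."""
    findings, table, entry, depth = [], None, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1  # track nesting so an inner "end" does not close the table
            if depth == 1:
                m = re.match(r"config (vpn ipsec phase[12]-interface)$", line)
                table = m.group(1) if m else None
        elif line == "end":
            depth -= 1
            if depth == 0:
                table = entry = None
        elif table and depth == 1 and (m := re.match(r'edit "?([^"]+)"?$', line)):
            entry = m.group(1)
        elif table and depth == 1 and entry and (m := re.match(r"set (proposal|dhgrp) (.+)$", line)):
            for v in m.group(2).split():
                if m.group(1) == "proposal" and WEAK_ALGOS & set(v.split("-")):
                    findings.append((table, entry, f"weak proposal {v}"))
                elif m.group(1) == "dhgrp" and int(v) in WEAK_DH_GROUPS:
                    findings.append((table, entry, f"weak DH group {v}"))
    return findings
```

An empty result means no setting on the assumed weak lists was found in the phase 1 and phase 2 tables; it does not replace reading the rest of the preview.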

 

 

  • Before pushing the policy package for the VPN interface, create a normalized interface and configure its device mapping.

 


 

  • Policies can be created and then deployed to devices using the Install Wizard to push the policy package.

 


 

Once the Install Wizard completes and the policy package is pushed, the policy and VPN configuration are visible on the FortiGate, which indicates that FortiManager has successfully pushed the required configuration.

Note: A static route can also be configured on FortiManager and installed on the respective FortiGate.

 

  • On the FortiGate, the presence of both the VPN and policy configurations can be verified.

 
