gmarcuccetti
Staff
Description
This article describes how to create an IKEv1 IPsec VPN between a FortiGate and the native macOS client.
Scope  
Solution

It is possible to use the GUI wizard to create it:

 

1) Go to Template type -> Remote access -> Remote Device type -> Native -> iOS Native.


 

2) Configure the incoming interface, the pre-shared key, the user group and the peer ID, ticking 'Require Group Name on VPN Client'.

 


 

3) Configure Local Interface, Local Address, Client Address Range and Mask, and the DNS setting, and enable Split Tunnel if required.




From the CLI:

 

# config vpn ipsec phase1-interface
    edit "MAC-client"
        set type dynamic
        set interface "port1"
        set keylife 3600
        set mode aggressive
        set peertype one
        set net-device disable
        set mode-cfg enable
        set ipv4-dns-server1 192.168.55.4
        set proposal aes256-sha256 aes256-md5 aes256-sha1
        set comments "VPN: dialup_mac (Created by VPN wizard)"
        set dhgrp 14 5 2
        set wizard-type dialup-ios
        set xauthtype auto
        set authusrgrp "IPSec-group"
        set peerid "fortinetpeer"
        set ipv4-start-ip 172.16.19.1
        set ipv4-end-ip 172.16.19.10
        set ipv4-split-include "dialup_mac_split"
        set psksecret fortinet
    next
end


# config vpn ipsec phase2-interface
    edit "MAC-client"
        set phase1name "MAC-client"
        set proposal aes256-sha256 aes256-md5 aes256-sha1
        set pfs disable
        set keepalive enable
        set comments "VPN: dialup_mac (Created by VPN wizard)"
    next
end
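
An added example, not part of the original article or of Fortinet's tooling: a short Python check that parses CLI output in the form shown above and lists the wizard-generated settings a reviewer would normally question (aggressive mode with a pre-shared key, MD5/SHA-1 proposals, DH groups 2 and 5, PFS disabled). The function names, the embedded sample and the choice of what counts as weak are assumptions of this example.

```python
import shlex
# Constructed sample: a trimmed copy of the phase1/phase2 settings shown above.
SAMPLE = """
# config vpn ipsec phase1-interface
    edit "MAC-client"
        set mode aggressive
        set proposal aes256-sha256 aes256-md5 aes256-sha1
        set dhgrp 14 5 2
        set psksecret fortinet
    next
end
# config vpn ipsec phase2-interface
    edit "MAC-client"
        set proposal aes256-sha256 aes256-md5 aes256-sha1
        set pfs disable
    next
end
"""
WEAK_DH = {"1", "2", "5"}  # 768/1024/1536-bit MODP groups (assumed review policy)

def parse(text):
    """Map (section, entry) -> {setting: [values]} for flat config/edit/set blocks."""
    out, section, entry = {}, None, None
    for raw in text.splitlines():
        words = shlex.split(raw.lstrip(" #")) or [""]  # drop indent and '#' prompt
        if words[0] == "config":
            section = words[-1]
        elif words[0] == "edit" and len(words) > 1:
            entry = out.setdefault((section, words[1]), {})
        elif words[0] == "set" and entry is not None and len(words) > 1:
            entry[words[1]] = words[2:]
        elif words[0] in ("next", "end"):
            entry = None
    return out

def audit(text):
    """Return (section, entry, issue) tuples for settings worth reviewing."""
    found = []
    for (section, name), s in parse(text).items():
        # Aggressive mode returns a PSK-derived hash before the peer is authenticated.
        if s.get("mode") == ["aggressive"] and "psksecret" in s:
            found.append((section, name, "aggressive mode with PSK"))
        found += [(section, name, f"weak hash in proposal {p}")
                  for p in s.get("proposal", []) if p.endswith(("-md5", "-sha1"))]
        weak = sorted(WEAK_DH & set(s.get("dhgrp", [])), key=int)
        if weak:
            found.append((section, name, "weak DH group " + ",".join(weak)))
        if s.get("pfs") == ["disable"]:
            found.append((section, name, "PFS disabled"))
    return found
```

Calling `audit()` on the output of `show vpn ipsec phase1-interface` and `show vpn ipsec phase2-interface` returns one tuple per finding; an empty list means none of these four checks matched.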


On the Mac:

 
Go to System Preferences -> Network and click on '+'.

 


 

Set Interface to VPN, set VPN Type to Cisco IPSec and then select Create.


 

Configure Server Address, Account Name and Password.


 

Select Authentication Settings to configure Shared Secret and Group Name.

 


 

It is now possible to connect.
