Article Id 242663



This article describes how to connect with L2TP to a VPN server that sits on the internal network behind a FortiGate.




All currently supported versions of FortiGate.




Traffic must be forwarded to the internal server. Authentication and creation of the VPN are then performed on the VPN server itself.


Consider the following architecture:


VPN Server --- FortiGate --- PC


To allow the PC on which the VPN is configured to reach the server, forward the traffic from the WAN interface to the internal VPN server using a virtual IP:


- Create a virtual IP for the VPN server by navigating in the GUI to Policy & Objects -> Virtual IPs -> Create New.




- Create a Firewall Policy with the destination set to the virtual IP and allow the following services: L2TP, GRE, and PPTP. These are required for authentication and communication on the internal VPN server.




After this setup, the PC connects to the VPN server behind the FortiGate, with no further need to set up a VPN on the FortiGate itself.
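
The two GUI steps above expressed as FortiOS CLI, as an added example that is not part of the original article. The interface names (`wan1`, `internal`), the object names and the addresses 203.0.113.10 and 192.168.1.10 are assumed placeholders. Port forwarding is left disabled on the virtual IP so that GRE, an IP protocol with no ports, is translated as well.

```text
config firewall vip
    edit "vip-l2tp-server"
        set comment "Added example: extip and mappedip are placeholder addresses"
        set extintf "wan1"
        set extip 203.0.113.10
        set mappedip "192.168.1.10"
        set portforward disable
    next
end
config firewall policy
    edit 0
        set name "WAN-to-internal-VPN-server"
        set comments "Added example: interface names are assumptions"
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "vip-l2tp-server"
        set action accept
        set schedule "always"
        set service "L2TP" "GRE" "PPTP"
        set logtraffic all
    next
end
```

Listing only the three services on the policy, rather than ALL, keeps the server's other ports unreachable from the WAN even though the virtual IP maps the whole address.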