Description
This article describes how to set up an IPsec dial-up VPN to remotely manage the FortiGate.
Scope
FortiGate, FortiClient.
Solution
Setting up and configuring the VPN takes three steps:
Step 1:
Begin by configuring the interface to allow HTTPS access. Navigate to Network -> Interface. Here, port2 has been allocated as the management interface and allows HTTPS.
Step 2:
Configure the VPN by navigating to VPN -> IPsec Wizard.
In the authentication step of the wizard, set the incoming interface as the WAN interface and fill out the PSK and user group.
In the Policy & Routing step, set the local interface to port2, the interface where HTTPS access has been allowed. The local address was created to allow access to port2, 10.10.10.254/32:
Verify that the IPsec wizard installed the policy under Policy & Objects -> Firewall Policy:
Step 3:
Lastly, configure the FortiClient settings. FortiClient requires the remote gateway, which is the public IP address or FQDN of the WAN interface, and the pre-shared key. Make sure that the FortiGate and FortiClient have matching phase1 and phase2 proposals before connecting:
Connect to the VPN and access the FortiGate using the interface IP https://10.10.10.254:
Once the FortiGate is accessible internally through HTTPS, navigate to Network -> Interfaces and uncheck HTTP, HTTPS, and SSH on the public interface.
Note: Include the necessary IP address(es) in the local-in-policy or trusted hosts if needed. See: Local-in policy | FortiGate / FortiOS 7.6.1 | Fortinet Document Library
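To confirm the end state described above from a saved configuration, the following added example (not part of the original article or Fortinet tooling) parses `show system interface` style output and reports whether HTTP, HTTPS or SSH is still enabled on the public interface and whether HTTPS is enabled on the management interface. The interface name `wan1`, the WAN address and the port2 netmask are assumptions in a constructed sample; port2 and 10.10.10.254 come from the article.

```python
import re

# Constructed sample config (not from the article). "wan1", its address and
# the port2 netmask are assumed; port2 and 10.10.10.254 are the article's.
SAMPLE_BEFORE = '''\
config system interface
    edit "wan1"
        set ip 203.0.113.10 255.255.255.0
        set allowaccess ping https ssh http
    next
    edit "port2"
        set ip 10.10.10.254 255.255.255.0
        set allowaccess https
    next
end
'''
# Same config after unchecking HTTP, HTTPS and SSH on the public interface.
SAMPLE_AFTER = SAMPLE_BEFORE.replace("ping https ssh http", "ping")

ADMIN_PROTOCOLS = {"http", "https", "ssh"}

def parse_allowaccess(config_text):
    """Return {interface name: set of allowaccess protocols}.
    Assumes flat edit/next entries without nested edit blocks."""
    access, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r'edit\s+"?([^"]+)"?$', line)
        if m:
            current = m.group(1)
            access[current] = set()
        elif line == "next":
            current = None
        elif current and line.startswith("set allowaccess"):
            access[current] = set(line.split()[2:])
    return access

def audit(config_text, public_if, mgmt_if):
    """List deviations from the article's end state; empty list means OK."""
    access = parse_allowaccess(config_text)
    findings = []
    exposed = access.get(public_if, set()) & ADMIN_PROTOCOLS
    if exposed:
        findings.append(f"{public_if}: admin access still enabled: {sorted(exposed)}")
    if "https" not in access.get(mgmt_if, set()):
        findings.append(f"{mgmt_if}: https not enabled, GUI unreachable over the VPN")
    return findings

if __name__ == "__main__":
    for label, cfg in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, audit(cfg, "wan1", "port2") or "OK")
```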