| Description |
This article describes how to setup IPSec Dial up VPN to remotely manage the FortiGate. |
| Scope |
FortiGate, FortiClient. |
| Solution |
There are three steps involved in this article that provide setup and configuration for the VPN:
Step 1:
To begin, start by configuring the interface to allow for HTTPS access. Navigate to Network -> Interface. Here, port2 has been allocated to be the management interface and allow HTTPS.
Step 2:
Configure the VPN by navigating to VPN -> IPsec Wizard.
In the authentication step of the wizard, set the incoming interface as the WAN interface and fill out the PSK and user group.
In the Policy & Routing, the local interface will be set as port2 which is the interface where I have allow HTTPS access. The local address was created to allow access to port2, 10.10.10.254/32:
Verify the policy was installed by the IPsec wizard, Policy & Objects -> Firewall Policy:
Step 3:
Lastly configure the FortiClient settings. The FortiClient will require the remote gateway which is the public IP address of the WAN interface or FQDN, and pre-shared key. Make sure that the FortiGate and FortiClient have matched phase1 and phase2 proposals before connecting:
Connect to the VPN and access the FortiGate using the interface IP https://10.10.10.254:
Once the FortiGate is accessible internally through HTTPS, navigate to Network -> Interfaces and uncheck HTTP, HTTPS, and SSH on the public interface.
Note: Include the necessary IP address(es) in the local-in-policy or trusted hosts if needed: Local-in policy | FortiGate / FortiOS 7.6.1 | Fortinet Document Library |
