Description
IPsec VPN can be configured in FortiManager either at the device level or in the VPN console. This article describes how to configure an IPsec tunnel on a specific FortiGate without using the VPN console.
Scope
FortiManager.
Solution
Use the following steps to configure IPsec VPN at the device level in the FortiManager.
- At the ADOM and the device level, verify that all of the following objects are enabled in the display options: Interface, Static Route, IPsec Phase 1, IPsec Phase 2, Policy, Address, and Dynamic Objects.
- From Device Manager -> All FortiGates, open the dashboard of the device on which the VPN is to be configured and complete the steps below to configure the VPN phases and the static route:
  - Menu -> VPN -> IPsec Phase 1: configure the IPsec Phase 1 settings.
  - Menu -> VPN -> IPsec Phase 2: configure the IPsec Phase 2 settings.
  - Menu -> Router -> Static Route: configure static routes if the VPN is in interface mode.
- Go to Policy & Objects to configure the VPN policy:
  - Create a new Address: from Objects -> Firewall Objects, create new Addresses and enable Per-device Mapping to specify the real address to be installed on the FortiGate device, and map it to the address.
  - Create an interface to map to the IPsec VPN phase 1 created on the FortiGate: go to Objects -> Interface and create a new interface. Enable Per-device Mapping. Select Create New to edit the mapped device and the IPsec VPN phase 1.
  - In the policy package to be installed on the device, create the VPN policies using the global address and the interfaces configured.