FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
Article Id 191838
IPsec VPN can be configured in FortiManager at the device level or at the VPN console.  This article provides the steps to configure an IPsec tunnel on a specific FortiGate without using the VPN console.

Use the following steps to configure IPsec VPN at the device level in the FortiManager.

- At the adom and the device level, verify that all the following objects are enabled in the display option: Interface, Static Route, IPsec Phase 1, IPsec Phase 2, Policy, Address, Dynamic Objects.

- From the Device Manager> All FortiGates, access the dashboard of the device on which the VPN is to be configured and complete the steps below to configure the VPN phases and the static route:

1)  Menu > VPN > IPsec Phase 1, Configure IPsec Phase 1 settings.

2)  Menu > VPN > IPsec Phase 2,  Configure IPsec Phase 2 settings.

3)  Menu > Router > Static Route, Configure static routes if the VPN is in interface mode.

- Go to Policy & Objects to configure the VPN policy.

 4) Create a new Address

From Objects > Firewall Objects, create new Addresses and enable Per-device Mapping to specify the real address to be installed on the FortiGate device, and map to address.

5) Create an interface to mapped to the IPsec VPN phase 1 created on the FortiGate.

Objects > Interface,  and Create a new interface.  Enable Per device mapping. Select Create New to edit the mapped device and the IPsec VPN phase 1.

6) In the policy packet to be installed on the device, create the VPN policies using the global address and the interfaces configured.