FortiManager
jngouo_FTNT
Staff
Article Id 191838

Description

 
This article explains that IPsec VPN can be configured in FortiManager either at the device level or in the VPN console, and describes how to configure an IPsec tunnel on a specific FortiGate without using the VPN console.
 
Scope
 
FortiManager.


Solution

 

Use the following steps to configure IPsec VPN at the device level in FortiManager.

  • At the ADOM and the device level, verify that all the following objects are enabled in the display options: Interface, Static Route, IPsec Phase 1, IPsec Phase 2, Policy, Address, and Dynamic Objects.
  • From Device Manager -> All FortiGates, access the dashboard of the device on which the VPN is to be configured and complete the steps below to configure the VPN phases and the static route:
  1. Menu -> VPN -> IPsec Phase 1: configure the IPsec Phase 1 settings.
  2. Menu -> VPN -> IPsec Phase 2: configure the IPsec Phase 2 settings.
  3. Menu -> Router -> Static Route: configure static routes if the VPN is in interface mode. Go to Policy & Objects to configure the VPN policy.
  4. Create a new Address: from Objects -> Firewall Objects, create new Addresses and enable Per-device Mapping to specify the real address to be installed on the FortiGate device, and map it to the address.
  5. Create an interface to map to the IPsec VPN Phase 1 created on the FortiGate: go to Objects -> Interface and create a new interface. Enable Per-device Mapping. Select Create New to edit the mapped device and the IPsec VPN Phase 1.
  6. In the policy package to be installed on the device, create the VPN policies using the global address and the interfaces configured.
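
Once steps 1 to 6 are complete, the configuration to be installed should contain a Phase 1, a Phase 2 bound to it, a static route through the tunnel, and a policy on the tunnel interface. The following Python check of exported configuration text is an added example, not part of the original article or of Fortinet tooling; the tunnel name `to-branch` and the sample configuration are constructed, and the parser only handles flat config/edit/set blocks.

```python
# Constructed sample of FortiOS CLI for an interface-mode tunnel (not from the article).
SAMPLE = """
config vpn ipsec phase1-interface
    edit "to-branch"
    next
end
config vpn ipsec phase2-interface
    edit "to-branch-p2"
        set phase1name "to-branch"
    next
end
config router static
    edit 1
        set device "to-branch"
    next
end
config firewall policy
    edit 1
        set srcintf "port1"
        set dstintf "to-branch"
    next
end
"""

def parse(text):
    cfg, section, entry = {}, None, None
    for line in map(str.strip, text.splitlines()):
        word, _, rest = line.partition(" ")
        if word == "config":
            section = cfg.setdefault(rest, {})      # one dict per config table
        elif word == "edit":
            entry = section.setdefault(rest.strip('"'), {})
        elif word == "set":
            key, _, value = rest.partition(" ")
            entry[key] = value.replace('"', "").split()  # values kept as a list
    return cfg

CHECKS = [  # (config table, keys that must reference the tunnel, message if none does)
    ("vpn ipsec phase2-interface", ("phase1name",), "no phase 2 bound to the phase 1"),
    ("router static", ("device",), "no static route through the tunnel"),
    ("firewall policy", ("srcintf", "dstintf"), "no policy on the tunnel interface"),
]
def check_tunnel(cfg, tunnel):
    problems = [] if tunnel in cfg.get("vpn ipsec phase1-interface", {}) else ["phase 1 missing"]
    for section, keys, message in CHECKS:
        entries = cfg.get(section, {}).values()
        if not any(tunnel in e.get(k, []) for e in entries for k in keys):
            problems.append(message)
    return problems
```

An empty list from `check_tunnel(parse(text), "to-branch")` means every object from the steps above is present and cross-referenced; each returned string names a step whose object is missing or points at a different interface.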