FortiManager
singhl
Staff
Article Id 392235
Description

This article describes how to build a dialup IPsec tunnel using IPsec templates in FortiManager.

Scope

FortiManager.

Solution

There are 2 scenarios for configuring the VPN and controlling access to specific networks:

  • Using peerid and building a separate phase1 interface for each protected subnet (phase 2 selector of the dialup server).
  • Managing access using XAuth and firewall policies.

Configure an IPsec template for dialup VPN:

  1. Select 'Create New' under Device Manager -> Provisioning Templates -> IPSec Tunnel.
  2. Set the 'Name' of the template, then select 'Create New' to start configuring the IPsec tunnel.
  3. Configure phase1 and phase2 using the details shown in the following screenshots.

Phase1:

Ipsec_Phase1_1.png

Note:

The address object used for the 'IPv4 client IP range' must have its 'type' set to 'IP Range'. Otherwise, the installation will fail.

Phase2:

ipsec_p2.png

  4. Install the device settings on the FortiGate; this pushes the IPsec configuration to the device.
  5. Device Manager then shows the IPsec tunnel and maps it to a normalized interface.

ipsec_temp_interface.png

  6. Use the normalized interface in firewall policies to allow access.

ipsec_temp_policy.png
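
For reference, here is scenario 2 (XAuth plus firewall policies) written as FortiOS CLI on the FortiGate side, including the 'IP Range' address object that the note above requires. This is an added illustration, not taken from the article or its screenshots and not FortiManager's generated output; every object name, interface, address and the user group "vpn_users" is a constructed assumption.

```fortios
# Constructed sample values throughout; adjust to the environment.
# Client pool: must be type iprange to be usable as the mode-cfg pool.
config firewall address
    edit "dialup_client_range"
        set type iprange
        set start-ip 10.10.100.10
        set end-ip 10.10.100.50
    next
    edit "server_subnet"
        set subnet 10.20.30.0 255.255.255.0
    next
end
# Dialup (dynamic) phase1 with XAuth; "vpn_users" is assumed to exist.
config vpn ipsec phase1-interface
    edit "dialup_vpn"
        set type dynamic
        set interface "wan1"
        set peertype any
        set mode-cfg enable
        set assign-ip-from name
        set ipv4-name "dialup_client_range"
        set xauthtype auto
        set authusrgrp "vpn_users"
        set psksecret <pre-shared-key>
    next
end
config vpn ipsec phase2-interface
    edit "dialup_vpn_p2"
        set phase1name "dialup_vpn"
    next
end
# Access control: permit only the needed destination and service,
# rather than an all/all policy from the tunnel interface.
config firewall policy
    edit 0
        set name "dialup_to_servers"
        set srcintf "dialup_vpn"
        set dstintf "internal"
        set srcaddr "dialup_client_range"
        set dstaddr "server_subnet"
        set action accept
        set schedule "always"
        set service "HTTPS"
    next
end
```

When the policy is built in FortiManager, the source interface is the normalized interface from step 5 rather than the tunnel name used here.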
