Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
T2K
New Contributor

How to create a firewall policy for policy-based IPsec

Hi,

I set up a site-to-site VPN with policy-based IPsec.

In this case, I can create an outbound policy (i.e., internal to WAN with action IPsec), but not an inbound policy (from VPN to internal).

I know that if I check "Allow traffic to be initiated from the remote site", the reverse session is allowed.

But I only need an inbound policy.

How do I do this?

 

FW: FortiGate 40F
OS ver: 7.2.2

 

Regards,

jintrah_FTNT
Staff

Hi,

 

In the VPN policy from internal to WAN, just keep inbound enabled and outbound disabled. This will only allow traffic initiated from the peer site.

 

config firewall policy
    edit <policy-id>
        set action ipsec
        set inbound enable
        set outbound disable
        set vpntunnel <phase1-name>
    next
end

 

best regards,

Jin
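As an added example that is not part of Jin's reply, here is a fuller version of the policy-based configuration the reply describes, so the inbound-only policy can be seen in context. The phase1 name "to_siteB", the WAN interface "wan1", the LAN interface "internal", the address objects "LAN_NET" / "REMOTE_NET", the subnets, the peer address 203.0.113.2 and the policy ID 10 are all assumptions chosen for illustration. Note that a policy-based tunnel is defined under `config vpn ipsec phase1` rather than `phase1-interface`, which is why no tunnel interface exists to select as an incoming interface: the policy's `dstintf` is the physical WAN interface the tunnel terminates on, and the direction is controlled purely by the `inbound` / `outbound` flags.

```fortios
# Phase 1 for a policy-based tunnel (no tunnel interface is created).
# All names and addresses below are placeholders for this example.
config vpn ipsec phase1
    edit "to_siteB"
        set interface "wan1"
        set remote-gw 203.0.113.2
        set psksecret "<pre-shared key>"
    next
end

# Phase 2 selectors must match what the remote side proposes.
config vpn ipsec phase2
    edit "to_siteB_p2"
        set phase1name "to_siteB"
        set src-subnet 192.168.1.0 255.255.255.0
        set dst-subnet 192.168.2.0 255.255.255.0
    next
end

# Address objects referenced by the policy.
config firewall address
    edit "LAN_NET"
        set subnet 192.168.1.0 255.255.255.0
    next
    edit "REMOTE_NET"
        set subnet 192.168.2.0 255.255.255.0
    next
end

# The single policy-based VPN policy. It is written internal -> wan1,
# but with outbound disabled only sessions started by the remote site
# (decrypted from the tunnel towards LAN_NET) are accepted; hosts on
# LAN_NET cannot open new sessions towards REMOTE_NET.
config firewall policy
    edit 10
        set name "siteB-inbound-only"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "LAN_NET"
        set dstaddr "REMOTE_NET"
        set action ipsec
        set schedule "always"
        set service "ALL"
        set vpntunnel "to_siteB"
        set inbound enable
        set outbound disable
    next
end
```

Two practical checks: the policy-based options only appear in the GUI once Policy-based IPsec VPN is enabled under System > Feature Visibility, and because the local side never initiates, the tunnel will only come up when the remote peer starts it, so `diagnose vpn tunnel list` on this FortiGate will show the tunnel down until the peer sends traffic. Restricting `service` to what the remote site actually needs is preferable to `ALL` once the tunnel is confirmed working.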

T2K

Hi, Jin.

 

Thank you for your reply.

 

I'm considering the following situation. In this case, how should I configure it?

[attached image: network diagram]

 

I know that route-based IPsec can do that because the FortiGate creates a tunnel interface.

 

Regards,

 

T2K
New Contributor

Does anyone know?

RachelGomez123
Contributor

To configure a firewall:
Go to Network Security > Firewall.
Select [IPv4 Policy | IPv6 Policy].
Click Add to display the configuration editor.
Complete the configuration as described in Table 66.
Save the configuration.
Reorder rules, as necessary.

Regards,

Rachel Gomez

T2K

Thank you for your reply.

 

I can't see the tunnel interface under "Incoming Interface" with a policy-based VPN.

I can only create a policy from inside to outside (to use action VPN).

This does not fulfill my request.

 

Regards,
