How to create a firewall policy in policy-based IPsec.
Hi,
I set up a site-to-site VPN with policy-based IPsec.
In this case, I can create an outbound policy (i.e., internal to WAN with action IPsec), but not an inbound policy (from VPN to internal).
I know that if I check "Allow traffic to be initiated from the remote site", the reverse session is allowed.
But I only need an inbound policy.
How do I do this?
FW : Fortigate 40F
OS ver : 7.2.2
Regards,
Labels: FortiGate
Hi,
In the VPN policy from internal to WAN, just keep inbound enabled and outbound disabled. This will only allow traffic initiated from the peer site.
config firewall policy
    edit <>
        set action ipsec
        set inbound enable
        set outbound disable
        set vpntunnel < >
    next
end
best regards,
Jin
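To verify the result of that change on a running unit, the following script (added here, not part of the thread or of FortiOS) parses `show firewall policy` output and reports, for each policy with `set action ipsec`, which side may initiate sessions; the sample configuration and the tunnel names are constructed for illustration.

```python
# Constructed sample of `show firewall policy` output (not from the thread)
SAMPLE_CONFIG = """\
config firewall policy
    edit 10
        set action ipsec
        set inbound enable
        set outbound disable
        set vpntunnel "branch-p1"
    next
    edit 11
        set action ipsec
        set inbound enable
        set outbound enable
        set vpntunnel "dc-p1"
    next
    edit 12
        set action ipsec
        set inbound enable
        set vpntunnel "lab-p1"
    next
end
"""

def classify(attrs):
    """Who may initiate sessions through a policy-based IPsec policy."""
    inbound, outbound = attrs.get("inbound"), attrs.get("outbound")
    if inbound is None or outbound is None:
        return "unset"         # missing flag falls back to the FortiOS default
    if inbound == "enable" and outbound == "disable":
        return "inbound-only"  # the remote site initiates, as the question asks
    if inbound == "disable" and outbound == "enable":
        return "outbound-only"
    if inbound == "enable" and outbound == "enable":
        return "bidirectional"
    return "blocked"           # both disabled: the policy permits no sessions

def ipsec_directions(config_text):
    # Map policy id -> (vpntunnel, mode) for every 'set action ipsec' entry
    result, attrs, pid = {}, {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("edit "):
            pid, attrs = line.split(None, 1)[1].strip('"'), {}
        elif line.startswith("set ") and pid is not None:
            key, _, value = line[4:].partition(" ")
            attrs[key] = value.strip().strip('"')
        elif line == "next" and pid is not None:
            if attrs.get("action") == "ipsec":
                result[pid] = (attrs.get("vpntunnel"), classify(attrs))
            pid = None
    return result
```

Policies reported as "unset" should be reviewed explicitly, since the direction then depends on the FortiOS default rather than on the configured value.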
Created on 11-23-2022 04:37 PM Edited on 11-24-2022 02:49 AM
Hi, Jin.
Thank you for your reply.
I'm considering the following situation.
In this case, how should I configure it?
I know that route-based IPsec can do that because the FortiGate creates a tunnel interface.
Regards,
Does anyone know?
To configure a firewall:
Go to Network Security > Firewall.
Select [IPv4 Policy | IPv6 Policy].
Click Add to display the configuration editor.
Complete the configuration as described in Table 66.
Save the configuration.
Reorder rules, as necessary.
Regards,
Rachel Gomez
Thank you for your reply.
I can't see the tunnel interface in "Incoming Interface" with policy-based VPN.
I can only create a policy from inside to outside (to use action VPN).
This does not fulfill my request.
Regards,