Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
timothyd
New Contributor II

Restrict IPSec VPN by IP

Hi Everyone,

 

I have an IPSec VPN configured between two locations. The VPN is working great.

 

I've noticed, however, under Log & ReportEventsVPN Events that there are a number of "IPsec phase 1 error" messages, all of which are from unfamiliar IPs. It's obvious that there some bad actors are trying to configure an IPSec VPN against our network. 

 

How can I configure the firewall to block any IPSec VPN attempts, except from known IPs in a whitelist we manage on the Fortinet appliance?

Timothy
Timothy
1 REPLY 1
Toshi_Esumi
Esteemed Contributor III

The basic idea is you need to use local-in-policy to block all other "IKE" packets except the peer IP you have.

Below KB is to do Geo-blocking for "IKE" attempts. You just need to change the source address for the local-in-policy to your peer address (for accept) and "all" (for deny).


https://community.fortinet.com/t5/FortiGate/Technical-Tip-Restrict-VPN-access-to-certain-countries/t...

Toshi

 

Labels
Top Kudoed Authors