Support Forum
New Contributor II

Restrict IPSec VPN by IP

Hi Everyone,


I have an IPSec VPN configured between two locations. The VPN is working great.


I've noticed, however, under Log & Report > Events > VPN Events that there are a number of "IPsec phase 1 error" messages, all of which are from unfamiliar IPs. It's obvious that some bad actors are trying to configure an IPSec VPN against our network.


How can I configure the firewall to block any IPSec VPN attempts, except from known IPs in a whitelist we manage on the Fortinet appliance?

Esteemed Contributor III

The basic idea is you need to use local-in-policy to block all other "IKE" packets except the peer IP you have.

The KB below describes Geo-blocking for "IKE" attempts. You just need to change the source address for the local-in-policy to your peer address (for accept) and "all" (for deny).
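As an added illustration of the local-in-policy approach described in the reply above (this is not the poster's configuration or the KB's text), the FortiOS CLI below allows IKE (UDP 500/4500, the predefined "IKE" service) only from a single known peer and denies it from everyone else. The interface name `wan1` and the peer address `203.0.113.10` are placeholders; substitute your own WAN interface and the remote gateway's public IP.

```fortios
# Address object for the known remote VPN gateway (placeholder IP).
config firewall address
    edit "VPN-Peer-SiteB"
        set subnet 203.0.113.10 255.255.255.255
    next
end

# Local-in policies are evaluated top-down on traffic destined to the
# FortiGate itself, so the accept for the known peer must come first.
config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "VPN-Peer-SiteB"
        set dstaddr "all"
        set service "IKE"
        set schedule "always"
        set action accept
    next
    edit 2
        set intf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set service "IKE"
        set schedule "always"
        set action deny
    next
end
```

After applying it, bring the tunnel down and up once to confirm phase 1 still completes from the allowed peer, then watch Log & Report > Events > VPN Events to verify the "IPsec phase 1 error" entries from unknown sources stop. If you have more than one site-to-site peer, add each gateway to a single address group and use that group as `srcaddr` in policy 1; this whitelist model does not suit dial-up or dynamic-IP peers, whose source address is not known in advance.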