Description This article describes the required configuration to
establish a dial-up IPsec VPN using IKEv2 between a Windows 11 device
and a FortiGate firewall. It includes settings for VPN phase
configuration, user authentication, and proposal compa...
Description This article describes the role of Diffie-Hellman groups in
IPsec VPN key negotiation and highlights the differences between IKEv1
and IKEv2. It includes best practices for selecting key exchange
parameters on FortiGate devices. Scope For...
Description This article describes how to configure FortiGate SD-WAN
with redundant site-to-site IPsec VPN between four sites (Site1, Site2,
Site3, Site4). This implementation provides high availability, automatic
failover, and dynamic traffic steeri...
Description This article describes the ability to use SD-WAN zones as
interface entries within Central SNAT configuration. The feature is
available starting from FortiOS version 7.6.1, and has also been
backported to FortiOS versions 7.4.8 and 7.2.11...
Description This article describes the importance of using a static IP
address, Fully Qualified Domain Name (FQDN), or Dynamic Domain Name
System (DDNS) when configuring IPsec dial-in Virtual Private Network
(VPN) tunnels on FortiGate devices. Scope ...
