config vpn ipsec phase1-interface
    edit "ABC"
        set type dynamic
        set interface "wan1"
        set mode aggressive
        set peertype any
        set mode-cfg enable
        set proposal aes128-sha256 aes256-sha256 3des-sha256 aes128-sha1 aes256-sha1 3des-sha1
        set comments "VPN: ABC (Created by VPN wizard)"
        set wizard-type dialup-forticlient
        set xauthtype auto
        set authusrgrp "IPSec VPN users"
        set net-device enable
        set ipv4-start-ip 192.168.12.10
        set ipv4-end-ip 192.168.12.20
        set dns-mode auto
        set ipv4-split-include "all"
        set save-password enable
        set psksecret ENC -----
    next
end
config vpn ipsec phase2-interface
    edit "ABC"
        set phase1name "ABC"
        set proposal aes128-sha1 aes256-sha1 3des-sha1 aes128-sha256 aes256-sha256 3des-sha256
        set comments "VPN: ABC (Created by VPN wizard)"
    next
end

config system interface
    edit "wan1"
        set vdom "root"
        set ip x.x.x.x 255.255.255.254
        set allowaccess ping
        set type physical
        set scan-botnet-connections block
        set alias "XYZ"
        set role wan
        set snmp-index 1