IPSec Remote VPN configuration or Forticlient IPSec VPN is not a big task in Fortinet. Its very simply and you can setup it in few very simple steps.
Step - 1 (VPN User and Group Creation)
1. Go to User & Device => User Definition => Create New
2. Select Local User and click on Next
3. Enter the Username and Password and click on Next
4. Email Address and SMS information is optional
5. Under Extra Info tab please make sure user must be Enable and click on Next
6. Go to User & Device => User Groups => Create New
7. Enter the Group Name, Group Type must be Firewall, Select the Member (created in sub-step 3) and click OK.
Step - 2 (Setup IPSec VPN Tunnel)
1. Go to VPN => IPSec Wizard
2. Enter the name of VPN Community
3. Template Type should be Remote VPN
4. Remote Device Type should be "FortiClient VPN for OSX, Windows and Android"
5. Click Next
6. Incoming Interface should be your WAN interface
7. Authentication Method should be Preshared Key
8. Enter the Preshared Key and select the User Group created in Step - 1
9. Local Interface should be your LAN interface and Local Addresses should your LAN Subets
10. Client Address Range should be the IP range that you want to assign to your Remote VPN clients, e.g. 10.1.1.1-10.1.1.50
11. Enter the Subnet Mask of the Client Address Range define in above step.
12. If you wish Remote User must use its local Internet alongwith VPN you can select the option Split Tunnel.
13. Click Next
14. Make sure Save Password option should be enable.
15. Click Create
That's it !!!
(Note: This configuration is only valid for FortiOS 5.2 and abve, in prior version you may have to do some additional task as well. For example in prior versions you may have to create Security Policy and also need to define Remote VPN Address range object)
Sample Security Policy
Client Addresses IP Range Sample Object
Step - 3 (Forticlient Configuration)
1. Download the Forticlient from Fortinet Website
2. Install it on your computer.
3. Go to Remote VPN Section
4. In the New VPN Connection section Select IPSec
5. Enter the name of Connection, it could be any name
6. Enter Remote Gateway IP address. It should be WAN interface IP address of your Fortinet Firewall
7. Enter the Preshared Key
8. Click on Apply
9. Select the VPN Connection you created and enter the Username and Password that you create in Step - 1 and click on Connect.
Step - 1 (VPN User and Group Creation)
1. Go to User & Device => User Definition => Create New
2. Select Local User and click on Next
3. Enter the Username and Password and click on Next
4. Email Address and SMS information is optional
5. Under Extra Info tab please make sure user must be Enable and click on Next
6. Go to User & Device => User Groups => Create New
7. Enter the Group Name, Group Type must be Firewall, Select the Member (created in sub-step 3) and click OK.
Step - 2 (Setup IPSec VPN Tunnel)
1. Go to VPN => IPSec Wizard
2. Enter the name of VPN Community
3. Template Type should be Remote VPN
4. Remote Device Type should be "FortiClient VPN for OSX, Windows and Android"
5. Click Next
6. Incoming Interface should be your WAN interface
7. Authentication Method should be Preshared Key
8. Enter the Preshared Key and select the User Group created in Step - 1
9. Local Interface should be your LAN interface and Local Addresses should your LAN Subets
10. Client Address Range should be the IP range that you want to assign to your Remote VPN clients, e.g. 10.1.1.1-10.1.1.50
11. Enter the Subnet Mask of the Client Address Range define in above step.
12. If you wish Remote User must use its local Internet alongwith VPN you can select the option Split Tunnel.
13. Click Next
14. Make sure Save Password option should be enable.
15. Click Create
That's it !!!
(Note: This configuration is only valid for FortiOS 5.2 and abve, in prior version you may have to do some additional task as well. For example in prior versions you may have to create Security Policy and also need to define Remote VPN Address range object)
Sample Security Policy
Client Addresses IP Range Sample Object
Step - 3 (Forticlient Configuration)
1. Download the Forticlient from Fortinet Website
2. Install it on your computer.
3. Go to Remote VPN Section
4. In the New VPN Connection section Select IPSec
5. Enter the name of Connection, it could be any name
6. Enter Remote Gateway IP address. It should be WAN interface IP address of your Fortinet Firewall
7. Enter the Preshared Key
8. Click on Apply
9. Select the VPN Connection you created and enter the Username and Password that you create in Step - 1 and click on Connect.
And does it require VPN to work with?
ReplyDelete