FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This configuration procedure is common to all IPSec VPNs. These steps are relevant for FortiOS 2.8 and 3.0. For complete details on configuring a FortiGate VPN, see the FortiGate VPN Guide.
Define the phase 1 parameters that the FortiGate unit needs to authenticate remote peers and establish a secure a connection.
Define the phase 2 parameters that the FortiGate unit needs to create a VPN tunnel with a remote peer.
Define source and destination addresses for the IP packets that are to be transported through the VPN tunnel.
Create the firewall encryption policy and define the scope of permitted services between the IP source and destination addresses.
You must perform Steps 1 and 2 to have the FortiGate unit generate unique IPSec encryption and authentication keys automatically. In situations where a remote VPN peer requires a specific IPSec encryption and/or authentication key, you must configure the FortiGate unit to use manual keys instead of performing Steps 1 and 2. For more information, see “Manual-key configurations” in the FortiGate VPN Guide.
