jkoay
Staff
Article Id 190719
Description
This article describes how to configure FortiGate to allow remote browsing over an IPsec VPN tunnel.


Solution
Remote browsing over IPSec VPN tunnel:

In this example, two FortiGates (FortiGate A and FortiGate C) have established a VPN tunnel, and the local subnet behind FortiGate C (10.221.0.0/16) needs to access the Internet through the VPN_TO_FGTA tunnel.

Configuration in FortiGate C:


1) Create a default route on FortiGate C so that all other traffic, besides VPN traffic, goes through the VPN tunnel.


2) In the VPN phase 2 selectors, create a new selector with the local address set to 10.221.0.0/16 and the remote address set to 0.0.0.0/0.0.0.0.


3) Create a firewall policy that allows the local subnet to access the Internet over the VPN tunnel.


4) Set an IP address and a remote address on the VPN tunnel interface (go to Network -> Interfaces).


Configuration in FortiGate A:

1) Configure the phase 2 selectors in the VPN tunnel.

2) Create a firewall policy that allows VPN users to access the Internet.

3) Set an IP address and a remote address on the VPN tunnel interface (go to Network -> Interfaces).
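
A CLI sketch of the route, selector and policy steps above for both units, added here as an illustration and not taken from the original article. Only VPN_TO_FGTA and the subnets come from the article; every other name is an assumption, source NAT on FortiGate A is assumed, and the lines starting with # are annotations for the reader.

```fortios
# FortiGate C (local subnet 10.221.0.0/16)
# Names other than VPN_TO_FGTA are assumed for illustration.
# Step 1: default route into the tunnel (dst defaults to 0.0.0.0/0)
config router static
    edit 0
        set device "VPN_TO_FGTA"
    next
end
# Step 2: selector from the local subnet to any destination
config vpn ipsec phase2-interface
    edit "VPN_TO_FGTA_INET"
        set phase1name "VPN_TO_FGTA"
        set src-subnet 10.221.0.0 255.255.0.0
        set dst-subnet 0.0.0.0 0.0.0.0
    next
end
# Step 3: "internal" = assumed LAN port, "LAN_10.221" = assumed address object for 10.221.0.0/16
config firewall policy
    edit 0
        set srcintf "internal"
        set dstintf "VPN_TO_FGTA"
        set srcaddr "LAN_10.221"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
# FortiGate A; "VPN_TO_FGTC", "wan1" and "FGTC_LAN_10.221" are assumed names
# Step 1: mirrored selector
config vpn ipsec phase2-interface
    edit "VPN_TO_FGTC_INET"
        set phase1name "VPN_TO_FGTC"
        set src-subnet 0.0.0.0 0.0.0.0
        set dst-subnet 10.221.0.0 255.255.0.0
    next
end
# Step 2: source limited to the remote subnet instead of "all"; NAT assumed on the way out
config firewall policy
    edit 0
        set srcintf "VPN_TO_FGTC"
        set dstintf "wan1"
        set srcaddr "FGTC_LAN_10.221"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```

The tunnel interface addressing step is left out because the article gives no tunnel IP addresses. On FortiGate C, the route to FortiGate A's public address has to stay on the WAN interface, otherwise the tunnel's own packets would follow the new default route.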


Test results in FortiGate A



Test results in FortiGate C

