Description | This article describes how to run a Dialup IPSec VPN over the wireless network as an additional layer of security. |
Scope |
FortiGate. |
Solution |
Topology: Wireless client (192.168.1.2) ---- Tunnel mode SSID ---- FortiAP (10.10.10.2) ---- (10.10.10.1) FortiGate (wan: 10.9.10.242)
For an additional layer of security, the IPSec tunnel is built over the wireless network. FortiGate acts as both the wireless controller and the Dialup IPSec server.
FortiAP broadcasts the SSID Dialup-IPSec.
A Dialup IPSec server (tunnel) is created on the FortiGate for the wireless clients. It is possible to use a VPN template to create it.
Note: Split-tunnel must be disabled so that the wireless clients' Internet traffic is sent over the tunnel.
It is necessary to configure two policies to bring up the tunnel and allow wireless clients to access the Internet.
The first policy is between the tunnel SSID interface (Dialup-IPSec) and the WAN interface, and it brings up the tunnel. The second policy is between the IPSec interface (Wireless-IPSec) and the WAN interface, and it allows wireless clients to access the Internet.
Now, FortiGate is configured properly.
On the wireless client: connect to the SSID.
router # dia sniffer packet any ' host 192.168.2.1 and icmp' 4 20
|
Copyright 2024 Fortinet, Inc. All Rights Reserved.