Article
Description | Steps to use Mac IPSec connection software to connect to a FortiGate unit over VPN. |
Components | - All FortiGate units running FortiOS 3.0 MR3 or higher
- Macintosh computer running Mac OS 10.2 or higher
- IPSec connection software IPSecuritas (Freeware).
|
Steps or Commands | Configure the FortiGate unit
First, configure the FortiGate unit with a user, user group and VPN tunnel.
Create a user and user group
To create a user
- Go to User > Local and select Create New.
- Enter the user information and select OK.
To create a user group
- Go to User > User Group and select Create New.
- Enter group name.
- Select a Type of Firewall.
- Select a Protection Profile from the list.
- Select a user from the list of Available Users/Groups and select the Right-pointing arrow to add it to the Members list.
- Select OK.
Create IPSec Phase 1
- Go to VPN > IPSec > Auto Key (IKE).
- Select Create Phase 1.
- Set the following options and select OK. Note that these settings and the Advanced options may vary depending on your configuration requirements.
Name | Name of the Phase 1 settings. |
Remote Gateway | Select Dialup User. |
Mode | Select Aggressive. |
Authentication Method | Preshared Key (Note that the Pre-shared key must be empty) |
Peer Options | Select Accept peer id in dialup group and select the group configured in the previous step. |
Advanced | Select to configure advanced options as required. |
Create IPSec Phase 2
- Go to VPN > IPSec > Auto Key (IKE).
- Select Create Phase 2.
- Set the following options and select OK. Note that these settings and the Advanced options may vary depending on your configuration requirements.
Name | Enter the Phase 2 name. |
Phase 1 | Select the Phase 1 name created in the previous step. |
Advanced | Select to configure advanced options as required. |
Create an IPSec Firewall policy to allow the VPN traffic through the FortiGate unit.
Configuring the IPSecuritas software
Install the software to your Applications folder as described in the software documentation.
To create a VPN configuration
- Launch the application and select New.
- Enter a Connection Name.
- In the General tab, select Host to Network.
- Enter the Remote Network IP address.
- Select the Exchange Mode of Aggressive.
- Configure the Phase 1 and Phase 2 encryptions to match the settings on the FortiGate unit.
- Select Id/Auth and enter the Preshared Secret (preshared key).
- Select OK.
To start a VPN tunnel, select the entry from the application and select Start IPSec. |
Related Articles
List of articles about Fortigate IPSec VPN interoperability