From the Incoming Interface drop-down list, select internal2.In the Name text book, type the object name.Select Policy & Objects > Firewall Policy.Repeat steps 1–7 to create another IP segment.Leave the default value for all other settings.In the IP/Netmask text box, type the IP segment.From the Type drop-down list, select Subnet.In our example, the name is WatchGuard_INT. In the Name text box, type a name for the IP address.Leave the default value for all other Phase 2 settings.For the Diffie-Hellman Groups, check 14.Enable Enable Perfect Forward Secrecy (PFS).Remove all proposals except AES256 for encryption and SHA256 for authentication.This IP address is the internal network that the VPN protects. From the Remote Address drop-down list, select Subnet.In the Phase 2 Selectors section, from the Local Address drop-down list, select Subnet.Leave the default value for all other Phase 1 settings.For the Diffie-Hellman Groups, select 14.In the Phase 1 Proposal section, remove all proposals except AES256 for encryption and SHA256 for authentication.In the IKE section, for Version, select 2.In the Pre-shared Key text box, type the pre-shared key.In the Authentication section, from the Method drop-down list, select Pre-shared Key.Leave the default value for all other settings in the Network section. From the Interface drop-down list, select wan1.In our example, the IP address is 203.0.113.2. In the IP Address text box, type the public IP address of the Firebox.From the Remote Gateway drop-down list, select Static IP Address.Clear the Enable IPsec Interface Modecheck box.From the Template type options, select Customto continue without a template.
In the Name text box, type the object name.Enable Policy-based IPsec VPN under Additional Features.
For information about how to configure interfaces, see the Fortinet User Guide. Configure the external interface (wan1) and the internal interface (internal2).Log in to the FortiGate 60E Web UI at The default IP address is 192.168.1.99.This IP address is the internal network that the VPN protects.įollow these steps to configure the interfaces, VPN settings, policies, and routes on your FortiGate device. In the Network IP text box, type the remote IP segment.In the Remote IP section, from the Choose Type drop-down list, select Network IPv4.In the Network IP text box, type the local IP segment.In the Local IP section, from the Choose Type drop-down list, select Network IPv4.From the Gateway drop-down list, select gateway.1.
The Primary Interface IP Address is the primary IP address you configured on the selected external interface.
The hardware and software used in this guide include: