Você está na página 1de 4

IPsec VPN with FortiClient – Fortinet Cookbook https://cookbook.fortinet.com/ipsec-vpn-with-fort...

We're moving! Our Cookbook content is moving to the Fortinet


Documentation Library. This Cookbook site will shut down permanently on
June 26, 2019.

FORTICLIENT / FORTICLIENT 5.4 / FORTIGATE / FORTIOS 5.6 / FORTIOS 5.6.0 / FORTIOS


5.6.1 / FORTIOS 5.6.2 / FORTIOS 5.6.3 / VIDEOS / VPNS

IPsec VPN with FortiClient


Posted on June 7, 2017 by Victoria Martin

This site uses cookies. Some are essential to the operation of the site; others help us improve
the user experience. By continuing to use the site, you consent to the use of these cookies.

Accept Privacy policy

1 of 4 10/5/19, 10:20 pm
IPsec VPN with FortiClient – Fortinet Cookbook https://cookbook.fortinet.com/ipsec-vpn-with-fort...

IPsec VPN that they connect to using FortiClient for Mac OS X, Windows, or Android. The
remote users Internet traffic will also be routed through the FortiGate (split tunneling will
not be enabled).

In this example, FortiClient 5.4.2.523 for Mac OS X is used.

Find this recipe for other FortiOS versions

5.2 | 5.4 | 5.6

1. Creating a user group for remote users

Go to User & Device > User Definition. Create a local user account
for an IPsec VPN user.

Go to User & Device > User Groups. Create a user group for IPsec
VPN users and add the new user account.

2. Adding a firewall address for the local network

Go to Policy & Objects > Addresses and create an address for the
local network.

Set Type to IP/Netmask, Subnet/IP Range to the local subnet, and


Interface to an internal port.

This site uses cookies. Some are essential to the operation of the site; others help us improve
the user experience. By continuing to use the site, you consent to the use of these cookies.

Accept Privacy policy

2 of 4 10/5/19, 10:20 pm
IPsec VPN with FortiClient – Fortinet Cookbook https://cookbook.fortinet.com/ipsec-vpn-with-fort...

3. Configuring the IPsec VPN using the IPsec VPN


Wizard

Go to VPN > IPsec Wizard and create a new tunnel using a pre-
existing template.

Name the VPN connection*. Set Template to Remote Access, and set


Remote Device Type to FortiClient VPN for OS X, Windows, and
Android.

Set the Incoming Interface to the internet-facing interface


and Authentication Method to Pre-shared Key.

Enter a pre-shared key* and select the new user group, then click
Next.

Set Local Interface to an internal interface (in the example, lan) and
set Local Address to the local LAN address.

Enter an Client Address Range for VPN users.*

Make sure Enable IPv4 Split Tunnel is not selected, so that all
Internet traffic will go through the FortiGate.*

Select Client Options as desired.

After you create the tunnel, a summary page appears listing the
objects which have been added to the FortiGate’s configuration by
the wizard.

This site uses cookies. Some are essential to the operation of the site; others help us improve
the user experience. By continuing to use the site, you consent to the use of these cookies.

Accept Privacy policy

3 of 4 10/5/19, 10:20 pm
IPsec VPN with FortiClient – Fortinet Cookbook https://cookbook.fortinet.com/ipsec-vpn-with-fort...

For further reading, check out IPsec VPN


Overview in the FortiOS 5.6 Handbook.

 FortiClient, IPsec VPN

CONTACT | DOCUMENTATION LIBRARY | CLI PORTAL  | FUSE | VIDEOS | SUPPORT | CORPORATE |


LEGAL

© 2018 Fortinet

This site uses cookies. Some are essential to the operation of the site; others help us improve
the user experience. By continuing to use the site, you consent to the use of these cookies.

Accept Privacy policy

4 of 4 10/5/19, 10:20 pm