Cookbook

Adding the tunnel interfaces to the VPN

  1. On External, go to Policy & Objects > Addresses and create an address for the External tunnel interface.

  2. Create a second address for the Branch tunnel interface.

    For this address, enable Static Route Configuration.

  3. Go to VPN > IPsec Tunnels and edit the VPN tunnel.

    Select Convert To Custom Tunnel.

    Under Phase 2 Selectors, create a second Phase 2 allowing traffic between the External tunnel interface and the Branch tunnel interface.

  4. Go to Network > Static Routes and create a route to the Branch tunnel interface.

    Set Destination to Named Address and select the Branch tunnel interface address you created in step 2 (the one with Static Route Configuration enabled; the address list only offers objects with that setting on).

    Set Device to the IPsec tunnel interface for this VPN.

  5. Go to Policy & Objects > IPv4 Policy and edit the policy allowing local VPN traffic.

    Set Source to include the External tunnel interface.

    Set Destination to include the Branch tunnel interface.

  6. Edit the policy allowing remote VPN traffic to include the tunnel interfaces, with the Source and Destination roles reversed (Source includes the Branch tunnel interface, Destination includes the External tunnel interface).

  7. Go to Monitor > IPsec Monitor and restart the VPN tunnel to bring up the new Phase 2. Restarting tears down every security association on the tunnel, so do this in a maintenance window if the LAN-to-LAN Phase 2 is carrying production traffic.

On Branch, repeat this procedure with the roles reversed, so that it includes the following:

    • Addresses for both tunnel interfaces. On Branch, you must enable Static Route Configuration for the External tunnel interface address, because that is the address the Branch static route points at.
    • A Phase 2 allowing traffic between the Branch tunnel interface and the External tunnel interface. Its selectors must mirror the Phase 2 created on External, or the Phase 2 negotiation fails.
    • A static route to the External tunnel interface.
    • Edited policies that allow traffic to flow between the tunnel interfaces.
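The same procedure expressed in the FortiOS CLI, as an added example rather than configuration from the cookbook page. The phase 1 names (ToBranch, ToExternal), the tunnel interface IPs (10.1.1.1 and 10.1.1.2), the address object names, and the policy IDs 10 and 11 are assumptions chosen for illustration; substitute the values from your own VPN.

```fortios
# Assumed names (not from the cookbook page):
#   phase1 "ToBranch" on External, "ToExternal" on Branch
#   tunnel interface IPs 10.1.1.1/32 (External) and 10.1.1.2/32 (Branch)
#   existing policies 10 (local -> remote) and 11 (remote -> local)

# ---------- On External ----------

# Steps 1-2: address objects for both tunnel interface IPs. "allow-routing" is
# the CLI name for the GUI's Static Route Configuration toggle; it is only
# needed on the address a static route will point at (Branch_tunnel_IP here).
config firewall address
    edit "External_tunnel_IP"
        set subnet 10.1.1.1 255.255.255.255
    next
    edit "Branch_tunnel_IP"
        set subnet 10.1.1.2 255.255.255.255
        set allow-routing enable
    next
end

# Step 3: a second phase 2 under the existing phase 1, with host-to-host
# selectors. Keeping them /32 to /32 means the new SA carries only
# tunnel-IP traffic and does not widen the existing LAN-to-LAN selector.
config vpn ipsec phase2-interface
    edit "ToBranch-tunnelip"
        set phase1name "ToBranch"
        set src-addr-type ip
        set src-start-ip 10.1.1.1
        set dst-addr-type ip
        set dst-start-ip 10.1.1.2
    next
end

# Step 4: static route to the Branch tunnel IP via the IPsec interface,
# using the named address (this is what allow-routing permits).
config router static
    edit 0
        set dstaddr "Branch_tunnel_IP"
        set device "ToBranch"
    next
end

# Steps 5-6: "append" adds to the existing srcaddr/dstaddr lists instead of
# replacing the LAN address objects already on the policies.
config firewall policy
    edit 10
        append srcaddr "External_tunnel_IP"
        append dstaddr "Branch_tunnel_IP"
    next
    edit 11
        append srcaddr "Branch_tunnel_IP"
        append dstaddr "External_tunnel_IP"
    next
end

# Step 7 (run after Branch is configured): bring up only the new phase 2.
# Flushing the phase 1 would drop every SA on the tunnel.
diagnose vpn tunnel up ToBranch-tunnelip

# Checks: both phase 2 SAs listed, the static route installed, and a ping
# sourced from the local tunnel IP reaching the remote tunnel IP.
diagnose vpn tunnel list name ToBranch
get router info routing-table static
execute ping-options source 10.1.1.1
execute ping 10.1.1.2

# ---------- On Branch: the mirror image ----------
# Same objects with roles swapped. allow-routing now goes on
# External_tunnel_IP, because that is the address Branch's static route targets.
config firewall address
    edit "Branch_tunnel_IP"
        set subnet 10.1.1.2 255.255.255.255
    next
    edit "External_tunnel_IP"
        set subnet 10.1.1.1 255.255.255.255
        set allow-routing enable
    next
end
config vpn ipsec phase2-interface
    edit "ToExternal-tunnelip"
        set phase1name "ToExternal"
        set src-addr-type ip
        set src-start-ip 10.1.1.2
        set dst-addr-type ip
        set dst-start-ip 10.1.1.1
    next
end
config router static
    edit 0
        set dstaddr "External_tunnel_IP"
        set device "ToExternal"
    next
end
# The two VPN policies on Branch get the same "append" edits with roles swapped.
```

If `diagnose vpn tunnel list` shows the LAN-to-LAN SA but not the new one, compare the phase 2 selectors on both sides first: the source of one must equal the destination of the other exactly. When you append the tunnel addresses to the existing policies, those policies keep whatever service and profile settings they already have, so traffic between the tunnel IPs is inspected and restricted exactly as LAN-to-LAN VPN traffic is; if the tunnel IPs only need to reach each other for a specific purpose (monitoring, routing protocol), a separate policy limited to that service is tighter than widening the existing ones.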