Creating a security policy

The IPsec wizard automatically created a security policy allowing IPsec VPN users to access the internal network. However, because split tunneling is disabled, all client traffic, including Internet-bound traffic, is sent through the tunnel, so another policy must be created to allow users to access the Internet through the FortiGate.

  1. To create a new policy, go to Policy & Objects > IPv4 Policies and select Create New. Set a policy name that will identify what this policy is used for (in the example, IPsec-VPN-Internet).
  2. Set Incoming Interface to the tunnel interface and Outgoing Interface to wan1. Set Source to the IPsec client address range, Destination Address to all, Service to ALL, and enable NAT.
  3. Configure any remaining firewall and security options as desired.
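
The same policy expressed in the FortiOS CLI, as an added example that is not part of the original cookbook page. `<tunnel-interface>` and `<ipsec-client-range>` are placeholders for the tunnel interface and the client address object on your unit, and the logging and antivirus lines are one assumed choice for step 3, not settings the page prescribes. Lines starting with `#` are annotations.

```text
config firewall policy
    # edit 0 creates a new policy with the next free policy ID
    edit 0
        set name "IPsec-VPN-Internet"
        # Placeholder: the IPsec tunnel interface
        set srcintf "<tunnel-interface>"
        set dstintf "wan1"
        # Placeholder: address object for the IPsec client address range
        set srcaddr "<ipsec-client-range>"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        # Assumed step 3 options: log all sessions and apply the default AV profile
        set logtraffic all
        set utm-status enable
        set av-profile "default"
    next
end
```

Because this policy allows every service to every destination, `show firewall policy` is a quick way to confirm that the source is limited to the client range rather than `all`.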
