When central VPN management is enabled, you can use the VPN Manager pane to configure IPsec VPN settings that you can install to one or more devices. The settings are stored as objects in the objects database. You can then select the objects in policies for policy packages on the Policy & Objects pane. You install the IPsec VPN settings to one or more devices by installing the policy package to the devices.
You must enable central VPN management to access the settings on the VPN Manager > IPsec VPN pane. However, you can access the settings on the VPN Manager > SSL-VPN pane without enabling central VPN management. See Enabling central VPN management.
To create IPsec VPN settings:
- Enable central VPN management. See Enabling central VPN management.
- Create a VPN community, sometimes called a VPN topology. See Creating IPsec VPN communities.
- Create a managed gateway. See Creating managed gateways.
To create SSL-VPN settings:
- Create custom profiles. See Creating SSL VPN portal profiles.
Alternately, you can skip this step, and use the default portal profiles.
- Add an SSL VPN to a device, and select a portal profile. See Creating SSL VPNs.
To install VPN objects to devices:
- Plan the VPN security policies. See VPN security policies.
- In a policy package, create VPN security policies, and select the VPN settings. See Creating policies.
- Edit the installation targets for the policy package to add all of the devices onto which you want to install the policy defined VPN settings. See Policy package installation targets.
- Install the policy package to the devices. See Install a policy package.
VPNs can also be configured directly on a FortiGate. To prevent conflicts, the preserve field must be selected in the phase 1 and phase 2 interfaces when creating the VPN. See The FortiOS Handbook, in the Fortinet Document Library, for more information.