Fortinet black logo

Administration Guide

IPsec VPN Wizard

IPsec VPN Wizard

The SD-WAN Interface page in FortiManager now includes an IPsec VPN creation wizard. Administrators can configure a VPN using a wizard when configuring the SD-WAN.

To configure the IPsec VPN in SD-WAN:
  1. Go to System Settings > All ADOMs and edit the ADOM. Disable SD-WAN in Central Management. Click OK.
  2. Go to Device Manager > SD-WAN. Select any device or VDOM and click Edit. If no device is available, click Create New.
  3. Click Create VPN under Interface Members in the Create New SD-WAN or Edit SD-WAN page.

  4. Configure the following settings and click OK to auto-generate IPsec VPNs:

    Name

    Specify a name for the VPN.

    Remote Device

    Select IP Address or Dynamic DNS.

    IP Address

    Specify the IP address if IP Address is selected for Remote Device.

    FQDN

    Specify the FQDN if Dynamic DNS is selected for Remote Device.

    Outgoing Interface

    Select the outgoing interface.

    Authentication Method

    Select Pre-shared key or Signature.

    Certificate Name

    Select the certificate (if Signature was selected as the Authentication Method)

    Peer Certificate CA

    Select the Peer Certificate CA (if Signature was selected as the Authentication Method)

    Pre-shared Key

    Select the pre-shared key (if Pre-shared key was selected as the Authentication Method)

  5. The auto-generated VPN interface are automatically added to the list of SD-WAN members.

  6. Edit the VPN in Interface Members to configure Gateway IP, Estimated Upstream Bandwidth (Kbps), and Estimated Downstream Bandwidth (Kbps).

IPsec VPN Wizard

The SD-WAN Interface page in FortiManager now includes an IPsec VPN creation wizard. Administrators can configure a VPN using a wizard when configuring the SD-WAN.

To configure the IPsec VPN in SD-WAN:
  1. Go to System Settings > All ADOMs and edit the ADOM. Disable SD-WAN in Central Management. Click OK.
  2. Go to Device Manager > SD-WAN. Select any device or VDOM and click Edit. If no device is available, click Create New.
  3. Click Create VPN under Interface Members in the Create New SD-WAN or Edit SD-WAN page.

  4. Configure the following settings and click OK to auto-generate IPsec VPNs:

    Name

    Specify a name for the VPN.

    Remote Device

    Select IP Address or Dynamic DNS.

    IP Address

    Specify the IP address if IP Address is selected for Remote Device.

    FQDN

    Specify the FQDN if Dynamic DNS is selected for Remote Device.

    Outgoing Interface

    Select the outgoing interface.

    Authentication Method

    Select Pre-shared key or Signature.

    Certificate Name

    Select the certificate (if Signature was selected as the Authentication Method)

    Peer Certificate CA

    Select the Peer Certificate CA (if Signature was selected as the Authentication Method)

    Pre-shared Key

    Select the pre-shared key (if Pre-shared key was selected as the Authentication Method)

  5. The auto-generated VPN interface are automatically added to the list of SD-WAN members.

  6. Edit the VPN in Interface Members to configure Gateway IP, Estimated Upstream Bandwidth (Kbps), and Estimated Downstream Bandwidth (Kbps).