Fortinet black logo

Administration Guide

Creating new IPsec VPN templates

Creating new IPsec VPN templates

Instead of creating a new template, you can clone the default template.

To create an IPsec VPN template:
  1. Go to Device Manager > Provisioning Templates > IPsec Tunnel Templates.
  2. Click Create New from the toolbar. The Create New IPsec Tunnel Template dialog appears.
  3. Enter a Name for the template.
  4. Click OK. The new template is created.
  5. Click on the template name from the tree menu at the left. The IPsec settings for the template appear on screen:

    Setting

    Value/Description

    Tunnel Name

    Name of the IPsec tunnel.

    Routing

    Automatic: Static routes to remote subnet will be created.

    Remote Device

    IP Address

    Remote Gateway (IP Address)

    This field accepts meta field variables and you will use the remote_site_id meta field variable here, for example, 101.71.$(remote_site_id).1, where the meta field variable value will be substituted at runtime.

    Outgoing Interface

    port2

    Local Interface

    We need to create and select a normalized interface with per-device mapping as different devices use different local interfaces. In this case, it is IPsecLAN.

    Local Network Address Object Name

    Select Interface Local Address, and enter the meta field variable $(branch_local_network), where the meta field variable value will be substituted at runtime.

    Remote Subnet

    Enter 200.71.$(remote_site_id).0/255.255.255.0, where the meta field variable value will be substituted at runtime.

    Authentication Method

    Pre-shared Key: Alphanumeric key used for device authentication.

    Tunnel Interface Setup

    Configure the IP and/or remote IP for the tunnel to use in the IPsec template.

    Advanced Options

    Expand to access and set a number of advanced options.

  6. Click Apply at the bottom to save the settings. The IPsec template is created and is ready to be assigned to devices.

To import an IPsec VPN template:
  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. Go to Device Manager > Provisioning Templates > IPsec Tunnel Templates.
  3. Click Import. The Import IPSec Template screen is shown.
  4. Configure the following settings and click OK:
    • Name - specify a name for the IPSec template.
    • Device - select the FortiGate device from where to select the IPsec template.

    The IPsec template is imported.

Creating new IPsec VPN templates

Instead of creating a new template, you can clone the default template.

To create an IPsec VPN template:
  1. Go to Device Manager > Provisioning Templates > IPsec Tunnel Templates.
  2. Click Create New from the toolbar. The Create New IPsec Tunnel Template dialog appears.
  3. Enter a Name for the template.
  4. Click OK. The new template is created.
  5. Click on the template name from the tree menu at the left. The IPsec settings for the template appear on screen:

    Setting

    Value/Description

    Tunnel Name

    Name of the IPsec tunnel.

    Routing

    Automatic: Static routes to remote subnet will be created.

    Remote Device

    IP Address

    Remote Gateway (IP Address)

    This field accepts meta field variables and you will use the remote_site_id meta field variable here, for example, 101.71.$(remote_site_id).1, where the meta field variable value will be substituted at runtime.

    Outgoing Interface

    port2

    Local Interface

    We need to create and select a normalized interface with per-device mapping as different devices use different local interfaces. In this case, it is IPsecLAN.

    Local Network Address Object Name

    Select Interface Local Address, and enter the meta field variable $(branch_local_network), where the meta field variable value will be substituted at runtime.

    Remote Subnet

    Enter 200.71.$(remote_site_id).0/255.255.255.0, where the meta field variable value will be substituted at runtime.

    Authentication Method

    Pre-shared Key: Alphanumeric key used for device authentication.

    Tunnel Interface Setup

    Configure the IP and/or remote IP for the tunnel to use in the IPsec template.

    Advanced Options

    Expand to access and set a number of advanced options.

  6. Click Apply at the bottom to save the settings. The IPsec template is created and is ready to be assigned to devices.

To import an IPsec VPN template:
  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. Go to Device Manager > Provisioning Templates > IPsec Tunnel Templates.
  3. Click Import. The Import IPSec Template screen is shown.
  4. Configure the following settings and click OK:
    • Name - specify a name for the IPSec template.
    • Device - select the FortiGate device from where to select the IPsec template.

    The IPsec template is imported.