Administration Guide

Recommended IPsec templates

FortiManager includes recommended IPsec templates that come preconfigured with FortiManager best practices recommendations for use within your environment. These templates can be used to simplify deployment of SD-WAN interconnected sites or to create IPsec VPN for FortiGate devices.

Once a new IPsec template has been created from a recommended template, it can be edited, deleted, and/or cloned.

Meta fields can be used when configuring a recommended template's required fields to ensure that fields like Local ID are unique when the template is assigned to multiple devices. See Meta Fields.

The following IPsec recommended templates are available.

| Template Name | Description |
|---|---|
| HUB_IPSec_Recommended | Fortinet's recommended template for hub IPSec tunnels. |
| Branch_IPSec_Recommended | Fortinet's recommended template for IPSec branch device configurations. |
| IPSec_Fortinet_Recommended | Fortinet's recommended template for IPSec configurations. |

To use a default IPsec template in your environment:
  1. Go to Device Manager > Provisioning Templates > IPsec Tunnel Templates.
  2. Select a recommended template, and click Activate in the toolbar.
    A dialog will appear where you can enter configuration details specific to your environment.
  3. Click OK to save your changes.
    A new template is created in the template list based on the recommended template you selected and the configuration details provided.
  4. (Optional) Edit the template to view or change the automatically configured settings.
  5. (Optional) Once a template has been created, it can be added to a template group. See Template groups.
  6. Assign the new template or template group to a managed device/device group and then install the changes.
To create a recommended IPsec Hub template:
  1. Activate the HUB_IPSec_Recommended template.
  2. Enter the following requested information.
    - Template Name: Enter a name for the template.
    - Enable ADVPN: Optionally, toggle this setting to enable Auto Discovery VPN (ADVPN).
    - Outgoing Interface: Enter the outgoing interface. This is the physical port on which the branch devices connect.
    - IPv4 Start IP: Enter the first usable IP address in the range.
    - IPv4 End IP: Enter the last usable IP address in the range.
    - IPv4 Netmask: Enter the IPv4 netmask.
    - Pre-shared Key: Enter the pre-shared key.
  3. Select OK to create the template.
To create a recommended IPsec branch template:
  1. Activate the Branch_IPSec_Recommended template.
  2. Enter the following requested information.
    - Template Name: Enter a name for the template.
    - Enable ADVPN: Optionally, toggle this setting to enable Auto Discovery VPN (ADVPN).
    - Outgoing Interface: Enter the outgoing interface. This is the physical port from which the tunnel connection is initiated.
    - Local ID: Enter a Local ID. This is used to identify devices connecting to the hub.
    - Remote Gateway: Enter the remote gateway.
    - Pre-shared Key: Enter the pre-shared key.
  3. Select OK to create the template.
To create a recommended IPsec template:
  1. Activate the IPSec_Recommended template.
  2. Enter the following requested information.
    - Template Name: Enter a name for the template.
    - Enable ADVPN: Optionally, toggle this setting to enable Auto Discovery VPN (ADVPN).
    - Outgoing Interface: Enter the outgoing interface.
    - Remote Gateway: Enter the remote gateway.
    - Pre-shared Key: Enter the pre-shared key.
  3. Select OK to create the template.
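
The hub template's IPv4 Start IP, End IP and Netmask must agree with each other, and each branch's Local ID must be unique at the hub. The following pre-flight check is an added example, not Fortinet code, and it calls no FortiManager API. The function names are hypothetical, and it assumes that "usable" excludes the subnet's network and broadcast addresses and that both ends of the range belong to the subnet defined by the netmask.

```python
import ipaddress
from collections import Counter

def check_hub_range(start_ip, end_ip, netmask):
    """Return a list of problems with the hub template's IPv4 Start IP, End IP and Netmask."""
    try:
        start = ipaddress.IPv4Address(start_ip)
        end = ipaddress.IPv4Address(end_ip)
        # strict=False derives the subnet from the start address and the netmask.
        net = ipaddress.IPv4Network(f"{start_ip}/{netmask}", strict=False)
    except ValueError as exc:
        return [f"Invalid address or netmask: {exc}"]
    problems = []
    if end not in net:
        problems.append(f"End IP {end} is outside {net}")
    elif start > end:
        problems.append(f"Start IP {start} is higher than End IP {end}")
    # Assumption: "usable" excludes the network and broadcast addresses.
    if net.prefixlen < 31:
        for label, addr in (("Start IP", start), ("End IP", end)):
            if addr in (net.network_address, net.broadcast_address):
                problems.append(f"{label} {addr} is not a usable host address in {net}")
    return problems

def check_local_ids(local_ids):
    """local_ids maps device name -> Local ID; return a list of problems."""
    problems = [f"{dev}: Local ID is empty" for dev, lid in local_ids.items() if not lid.strip()]
    counts = Counter(lid.strip() for lid in local_ids.values() if lid.strip())
    for lid, n in sorted(counts.items()):
        if n > 1:
            devs = sorted(d for d, v in local_ids.items() if v.strip() == lid)
            problems.append(f"Local ID '{lid}' is used by {', '.join(devs)}")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs, not values from any real deployment.
    print(check_hub_range("10.10.1.0", "10.10.2.10", "255.255.255.0"))
    print(check_local_ids({"branch1": "br-01", "branch2": "br-02", "branch3": "br-01"}))
```

Run it against the values you plan to enter in the activation dialogs, or against the per-device values that meta fields will supply for Local ID.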
