Fortinet FortiGate 4000 Switch User Manual


 
IPSec VPN Configuring encrypt policies
FortiGate-4000 Installation and Configuration Guide 251
Adding a destination address
The destination address can be a VPN client address on the Internet or the address of
a network behind a remote VPN gateway.
To add a destination address
1 Go to Firewall > Address.
2 Select an external interface.
3 Select New to add an address.
4 Enter the Address Name, IP Address, and NetMask for a single computer or for an
entire subnetwork on an internal interface of the remote VPN peer.
5 Select OK to save the destination address.
Adding an encrypt policy
To add an encrypt policy
1 Go to Firewall > Policy.
2 Select the policy list that you want to add the policy to (usually, Internal->External).
3 Select New to add a new policy.
4 Set Source to the source address.
5 Set Destination to the destination address.
6 Set Service to control the services allowed over the VPN connection.
You can select ANY to allow all supported services over the VPN connection or select
a specific service or service group to limit the services allowed over the VPN
connection.
7 Set Action to ENCRYPT.
8 Configure the ENCRYPT parameters.