FortiGate Cookbook - IPsec VPN with FortiClient (5.4)

Captions
In this video, you will learn how to create an IPsec tunnel for remote users to connect to using FortiClient. This will allow remote users to access the corporate network using an IPsec VPN that they connect to using FortiClient for Mac OS X, Windows, or Android. Traffic to the internet will also flow through the FortiGate to apply security scanning. FortiClient 5.4 for Mac OS X is used in this recording.

Go to User & Device > User Definition and create a local user account for an IPsec VPN user. Enter a username, password, and email address, and enable the user account. Then go to User & Device > User Groups and create an IPsec VPN user group. Add the user to the user group.

Next, go to VPN > IPsec Wizard and create a new tunnel using a pre-existing template. Name the VPN connection. Remember, the name can't contain any spaces and should not exceed 13 characters in length. Set Template to Remote Access and set Remote Device Type to FortiClient VPN for OS X, Windows, and Android. Set Incoming Interface to the internet-facing interface and Authentication Method to Pre-shared Key. Enter a pre-shared key, select the IPsec users group, and then click Next.

Set Local Interface to an internal interface and set Local Address to the local LAN address, and create an address for the local network. Name the local network, set Type to IP/Netmask, Subnet/IP Range to the local subnet, and Interface to an internal port on the local area network. Enter a client address range for VPN users. Your FortiGate then automatically creates an address object using this range. It's named after the VPN name followed by _range. Enter a subnet mask. Make sure that IPv4 split tunnel is not enabled. This means that all internet traffic will go through the FortiGate and be subject to security profiles.

Select your preferred client options. Auto Connect initiates the phase 2 SA negotiation automatically, repeating every five seconds until the SA is established. It's useful when one of the VPN peers is a dial-up peer, since it allows users at the other peer to initiate traffic as well. Keep Alive ensures that a new SA is negotiated even if there's no traffic, so that your VPN tunnel stays up.

After you create the tunnel, a summary page will list the objects that have been created by the VPN wizard. The IPsec wizard automatically created a security policy allowing IPsec VPN users to access the internal network. However, since split tunneling is disabled, you need to create another policy to allow users to access the internet through the FortiGate. Go to Policy & Objects > IPv4 Policies and create a new internet access policy. Name the policy and set Incoming Interface to the tunnel interface, Outgoing Interface to wan1, Source to all, Address to all, Service to all, and enable NAT. Don't forget to configure the security profile options according to your preferences.

From a computer outside of the internal network, open FortiClient. If you haven't downloaded FortiClient yet, go to the link below. Go to Remote Access and add a new connection. Set the type to IPsec VPN and Remote Gateway to the FortiGate IP address. Set Authentication Method to Pre-shared Key and enter the key below. Click Add. On FortiClient, select the VPN, enter the username and password, and select Connect. Once the connection is established, the FortiGate assigns the user an IP address and FortiClient displays the status of the connection, including the IP address, connection duration, and bytes sent and received.

Open a browser and make sure to generate some web traffic to test that your internet is working. Also open up your CLI console and ping the IP address of the computer that's behind the corporate FortiGate.

On the FortiGate unit, go to Monitor > IPsec Monitor and verify that the tunnel status is up. You can also see the remote gateway assigned for the FortiClient user. Then go to FortiView > Policies and select the now view. You can see that the pings are reaching the internal network and that web traffic is flowing through the IPsec VPN internet policy. Right-click on the policy and select Drill Down to Details. More information about the traffic is available, and you can see the user's assigned IP address. Go to FortiView > VPN to see which users have connected to the VPN.

Thanks for watching, and don't forget to subscribe. You can also see a text version of this video on the Fortinet cookbook website.
Info
Channel: Fortinet
Views: 179,106
Keywords: Fortinet, FortiGate, 5.4, 5.4.1, network, security, firewall, IPsec, VPN, forticlient, tunnel, Cybersecurity, Network Security, Fortinet Tutorial, Fortinet Demo, FortiGate 5.4, Cookbook, FortiGate Cookbook, IPsec VPN, FortiClient
Id: ScqwfcjlIxQ
Length: 6min 20sec (380 seconds)
Published: Wed Jul 13 2016