How to Configure IPSec VPN on FortiGate | IPSec VPN Configuration - Easy Steps

Video Statistics and Information

Captions
Hello guys, this is D' IgoroTech. Today I will show you how to configure FortiClient IPsec VPN. We will do it step by step. First is create user and user group. Second, configure FortiGate IPsec VPN. Third, create a security policy. Fourth, install and configure FortiClient IPsec VPN. And lastly, backup and restore configuration.

IPsec VPN will allow remote users to connect to the FortiGate device and access the internal network using FortiClient for Windows, macOS, Android and even some Linux operating systems. Internet traffic will also flow to the FortiGate for security scanning. For this demonstration we are going to use FortiClient 6.4.0, since with the latest versions you need to have a license to use the application. Let's begin.

First we have to create user and user group. Go to User and Device, User Definition. Click on Create New to create a new local user account for IPsec VPN. Local User is currently selected, so just click Next. Now enter your desired username and password. For the contact info you can input the user email address or you can leave it blank. Click on Next. By default the user account status is enabled, so simply click on Submit to finish. Here you can see the local user account we just created.

Now we are going to create the IPsec VPN user group. Go to User Groups, Create New. Enter your desired IPsec user group name. We will add the local user we just created to be a member of this IPsec VPN group. You can add multiple users at the same time. Once done, click on OK. You can see the user group we just created and also the member of that group.

Second step is to configure the FortiGate IPsec VPN with the wizard. Go to VPN, IPsec Wizard. We will create a new tunnel. Enter your desired name. Remember that the name can't contain any spaces and should not exceed 13 characters in length. Set template type to Remote Access. You can see that the FortiClient is available for Windows, macOS, Android and even some Linux operating systems. By default the remote device type is already set to client-based and FortiClient, so we will just click Next.

Set incoming interface to the internet-facing interface, which in our case is the WAN2, the authentication method to pre-shared key, and enter your desired pre-shared key. You must remember the pre-shared key because you will use it to configure the FortiClient. In the user group, select the group for IPsec VPN users. Click on Next.

Set local interface to an internal interface. Create an address for the local network if you haven't created one yet. Click on Create and select Address. Set your desired name for your local network, the type to Subnet, and enter the IP/netmask of the internal network. In the interface you will choose the internal interface. You can double check the IP/netmask you configured. You can now add the newly created address.

Enter the client address range based on your preference. This range will be the address received by the IPsec VPN users. The FortiGate will automatically create an object address using this range. Make sure to disable the Enable IPv4 Split Tunnel. This means that the IPsec VPN users will use this device connection to reach the internet. You may enable this option if you prefer to use your own connection for internet access, which means you can access the internal network once the IPsec VPN has been established, but you will use your own connection for internet access.

For the client options you may select your own preference. Save Password: the IPsec VPN users can save their own password for them not to input their password every time they try to connect. You can enable Auto Connect. This is very useful especially when one of the VPN is a dial-up peer, since it allows users at the other end to initiate traffic as well. Lastly, Always Up or Keep Alive. This ensures that the VPN won't disconnect even if there's no traffic or the device went idle.

Great, we're done with the second process. You can see that the VPN is currently down since there are no remote users currently connected. Now let's check the object address for IPsec VPN users that has been automatically created earlier. Go to Policy and Object, Address. Here you can see the address range for IPsec VPN users.

Third step is to create a security policy. Go to Policy and Object, IPv4 Policy. Here you can see that a policy for IPsec VPN to internal network has been automatically created. You can check the source address and the destination address. Now we are going to create a new policy for IPsec VPN users to access the internet through this network. To do this we can simply clone this policy. Right-click and select Copy. Right-click again and you have two options to paste, either Paste Below or Above.

Now we will edit the copied policy. You can right-click and select Edit or simply double-click on it. Set a name for this policy, incoming interface to the IPsec VPN tunnel. For the outgoing interface we will choose the internet-facing interface, which in our case is WAN2, since our goal is to allow IPsec VPN users to access the internet through this network. Source to all, destination to all, schedule to always and services to all. This means IPsec VPN users can access everything, can use any protocols at any time, no schedule, no filtering and no restrictions. Enable NAT. For the security profiles you can configure based on your preference. For Log Allowed Traffic you can enable All Sessions for you to monitor all the logs for this policy. You must enable the policy. Once done, click OK. Here you can see the two policies for IPsec VPN. We permitted IPsec VPN users to access the internal network and to use this network connection to access the internet.

Next step is we are going to install and configure FortiClient IPsec VPN. If you don't have the installer then you can download it from the link in the description below. Now run the downloaded file. You can read the license agreement and you must agree to it. Check the box and click Next. The destination folder we will leave as default. Click Next. Click Install. Wait for it to finish the installation. You can see the shortcut application that has been automatically created on the desktop. Click Finish.

Let's run the application. You can either double-click the shortcut application on the desktop or right-click on the application logo in the taskbar and select Open FortiClient Console. Since this is the first time the application will run, or if there is no configuration, then you need to click Configure VPN. Let's check the application version. Click on this logo at the top of the window. Here you can see the exact version of the application.

Let's now proceed to the configuration. We are configuring the IPsec VPN so we will select the option IPsec VPN. If you want to configure the SSL VPN then check the link in the description below. Enter your desired connection name. You can enter a description or you can leave it blank. For the remote gateway you will enter the public IP address or dynamic DNS of the remote site. Set authentication method to pre-shared key. Now enter the pre-shared key you have configured earlier on the FortiGate IPsec VPN configuration. Check the Save Login for you not to enter your username and password every time you try to connect. Enter your username. Remember, the remote gateway and pre-shared key must match the FortiGate IPsec VPN configuration or else the connection will not be established or you will encounter some error. Once done, click on Save.

Now enter your password. Click Connect. Wait for the connection to be established. In this window you can see the VPN name, IP address, duration, bytes received and bytes sent. You can observe that we got the IP address we have configured for the IPsec VPN users.

Now we are going to perform some tests. First let's check the remote site gateway. Go to Network, Interfaces. You can see the gateway is 192.168.0.1. Now let's try to ping. Great, we can now access the internal network. Let's now test the internet connection. Amazing, configuration successful. We can now access the internal network and also access the internet through this network.

Let's now check the VPN status. Go to Monitor, IPsec Monitor. You can see that the VPN is already up since we are already connected to it. To check the logs go to FortiView, then Policies. You can see the policy IPsec to internet. You can double-click on it to drill down the logs. You can see the source IP 10.10.10. You can compare the IP address of the FortiClient and the FortiGate FortiView or logs. You have several options to choose from. You can go to Destinations and you will see the youtube.com we just visited earlier. You can also go to FortiView Source and you will see the IPsec VPN IP address. You can also drill down the logs by double-clicking on it.

Let's now proceed to the last step, backup and restore. This is very useful if you have multiple remote sites. You can back up the FortiClient config for you not to enter all those details again after reinstallation, or you can save it and restore on your other devices. First we have to disconnect the VPN connection. You can see we only have one remote site configured. To back up the configuration click on the padlock icon at the top of the window to unlock advanced settings. Now click on the settings or the gear icon. Click on Backup. Set a file name for the backup file and choose the destination. Click Save. Now you must configure a password for the backup file. The older version doesn't have this option. Once done, click on OK. Great, backup file created successfully. You can see the backup file created on the desktop.

Next step is restoring the configuration. First we have to delete the current config, assuming that it's a fresh install or new device. To do this click on the three-line icon and select Delete the Selected Connection. Now you can see that it's like a fresh install. Click on Configure VPN. To restore the backup file click on the settings or the gear icon. Choose Restore. Now locate the backup file. Click Open. Enter the backup file password you have configured earlier. Great, configuration restored successfully.

Let's do a quick check. Go to the home window and you can see the remote site has been restored. You can double check the configuration by editing the selected configuration. You can see that the VPN type is IPsec VPN. You can review the details. Now let's try to log in. Enter your username and password and click Connect. It worked. We can now log in after restoring the backup file.

That's all for today's demonstration and I really hope you liked this video and also my other tutorial videos. Please like, share, drop your comments and suggestions below. Please subscribe and click on the bell icon for you to be notified of my upcoming videos. Thank you and see you in the next video.
Info
Channel: D' IgoroTech
Views: 3,395
Keywords: google.com, youtube.com, fortigate ipsec vpn, how to, how to configure ipsec vpn, foticlient, forticlient ipsec vpn, ipsec vpn guide, ipsec vpn tutorial, tutorial, ssl vpn, fortigate ssl vpn, ipsec vpn step by step guide, ipsec vpn step by step tutorial, vpn, virtual private network, vpn tutorial, fortinet fortigate, what is ipsec vpn, step by step tutorial, step by step guide, fortigate firewall, fortigate guide, fortigate tutorial, beginners guide, foticlient ipsec vpn, guides
Id: rh-hrs41juI
Length: 18min 48sec (1128 seconds)
Published: Sun Jan 24 2021