00:00
>> In this video, you will learn how to
00:00
provide a group of remote users with
00:00
secure encrypted access to
00:00
the corporate network using the IPSec VPN wizard.
00:00
The tunnel provides group members
00:00
with encrypted access to
00:00
the internal network and forces them through
00:00
the FortiGate unit for secure Internet access.
00:00
First, go to user and device, user,
00:00
user definition, and create a new local user.
00:00
For the username, enter Alice.
00:00
Enter a safe password.
00:00
Add the e-mail address.
00:00
Then go to user and device, user,
00:00
user groups, and create a user group for remote users.
00:00
Then add the user you created to the group.
00:00
Next, go to policy and objects,
00:00
objects, addresses, and
00:00
add a firewall address for the local LAN.
00:00
Make sure that you include
00:00
the subnet and local interface.
00:00
Go to VPN, IPSec, wizard,
00:00
and create a new IPSec VPN tunnel using the wizard.
00:00
Name the VPN connection.
00:00
Select dialup FortiClient for Windows,
00:00
Mac OS, and Android and click next.
00:00
Set incoming interface to
00:00
the internet-facing interface.
00:00
>> Set authentication method to pre-shared key.
00:00
The pre-shared key is a credential for
00:00
the VPN and should differ from the user's password.
00:00
Select your IPSec VPN user group and then click next.
00:00
Set local interface to
00:00
the internal interface and
00:00
set local address to the local LAN.
00:00
For the client address range,
00:00
enter an IP range that will be assigned to VPN users.
00:00
your client options, select save password.
00:00
FortiOS automatically creates a new firewall object
00:00
It also creates a security policy to allow
00:00
remote users to access the internal network.
00:00
Next, go to policy and objects,
00:00
and create a security policy to allow
00:00
remote users to access
00:00
the internet securely through the FortiGate unit.
00:00
Set incoming interface to
00:00
the tunnel interface and set source address to all.
00:00
Set outgoing interface to WAN
00:00
1 and destination address to all.
00:00
Set service to all and ensure that you enable NAT.
00:00
Next, open FortiClient.
00:00
Go to remote access and add a new connection.
00:00
Provide a connection name and set type to IPSec VPN.
00:00
Set remote gateway to the FortiGate IP address.
00:00
Set authentication method to
00:00
pre-shared key and enter the key. Click OK.
00:00
Select the new connection and enter
00:00
the username and password and click connect.
00:00
Once the connection is established,
00:00
the FortiGate assigns the user an IP address.
00:00
FortiClient displays the connection status,
00:00
which includes the IP address,
00:00
duration, and bytes sent and received.
00:00
Open a browser and ensure that you
00:00
can successfully reach a server.
00:00
This example displays an XAMPP web server.
00:00
Then on the FortiGate unit, go to VPN,
00:00
monitor, IPSec monitor,
00:00
and verify the status of the tunnel.
00:00
Go to log and report,
00:00
traffic log, forward traffic to view the traffic.
00:00
Select an entry to view more information.
00:00
Thank you for watching.
00:00
For more information,
00:00
you can access Fortinet's complete
00:00
documentation library at docs.fortinet.com.