IPsec VPN with FortiClient


Time: 1 hour 35 minutes
Difficulty: Beginner
CEU/CPE: 2
Video Description

In this video, you will learn how to provide a group of remote users with secure encrypted access to the corporate network using the IPsec VPN Wizard. The tunnel provides group members with encrypted access to the internal network, and forces them through the FortiGate unit for secure Internet access. Visit Fortinet's documentation library at http://docs.fortinet.com or our video portal at http://video.fortinet.com.

Video Transcription
>> In this video, you will learn how to provide a group of remote users with secure encrypted access to the corporate network using the IPsec VPN wizard. The tunnel provides group members with encrypted access to the internal network and forces them through the FortiGate unit for secure Internet access.

First, go to User and Device, User, User Definition, and create a new local user. For the username, enter Alice. Enter a safe password. Add the e-mail address. Select Enable. Then go to User and Device, User, User Groups, and create a user group for remote users. Then add the user you created to the group.

Next, go to Policy and Objects, Objects, Addresses, and add a firewall address for the local LAN. Make sure that you include the subnet and local interface.

Go to VPN, IPsec, Wizard, and create a new IPsec VPN tunnel using the wizard. Name the VPN connection. Select Dialup FortiClient for Windows, Mac OS, and Android and click Next. Set Incoming Interface to the Internet-facing interface. Set Authentication Method to Pre-shared Key. The pre-shared key is a credential for the VPN and should differ from the user's password. Select your IPsec VPN user group and then click Next. Set Local Interface to the internal interface and set Local Address to the local LAN. For the client address range, enter an IP range that will be assigned to VPN users. Click Next and for your client options, select Save Password. FortiOS automatically creates a new firewall object for the VPN tunnel. It also creates a security policy to allow remote users to access the internal network.

Next, go to Policy and Objects, Policy, IPv4, and create a security policy to allow remote users to access the Internet securely through the FortiGate unit. Set Incoming Interface to the tunnel interface and set Source Address to all. Set Outgoing Interface to WAN 1 and Destination Address to all. Set Service to all and ensure that you enable NAT.

Next, open FortiClient. Go to Remote Access and add a new connection. Provide a connection name and set Type to IPsec VPN. Set Remote Gateway to the FortiGate IP address. Set Authentication Method to Pre-shared Key and enter the key. Click OK. Select the new connection and enter the username and password and click Connect. Once the connection is established, the FortiGate assigns the user an IP address. FortiClient displays the connection status, which includes the IP address, duration, and bytes sent and received. Open a browser and ensure that you can successfully reach a server. This example displays an XAMPP web server.

Then on the FortiGate unit, go to VPN, Monitor, IPsec Monitor, and verify the status of the tunnel. Go to Log and Report, Traffic Log, Forward Traffic to view the traffic. Select an entry to view more information.

Thank you for watching. For more information, you can access Fortinet's complete documentation library at docs.fortinet.com.