Internet browsing configuration IPSec VPN
FortiGate Version 4.0 MR1 Administration Guide
624 01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
Internet browsing configuration
By using appropriate firewall policies, you can enable VPN users to browse the Internet
through the FortiGate unit. The required policies are different for policy-based and
route-based VPNs. For more information, see “Configuring firewall policies” on page 391.
To create a policy-based VPN Internet browsing configuration
1 Go to Firewall > Policy.
2 Select Create New and enter the following information:
3 Configure other settings as required.
4 Select OK.
To configure a route-based VPN Internet browsing configuration
1 Go to Firewall > Policy.
Encryption Key
Enter an encryption key appropriate to the encryption algorithm:
• for DES, type a 16-character hexadecimal number (0-9, a-f).
• for 3DES, type a 48-character hexadecimal number (0-9, a-f) separated into three segments of 16 characters.
• for AES128, type a 32-character hexadecimal number (0-9, a-f) separated into two segments of 16 characters.
• for AES192, type a 48-character hexadecimal number (0-9, a-f) separated into three segments of 16 characters.
• for AES256, type a 64-character hexadecimal number (0-9, a-f) separated into four segments of 16 characters.

Authentication Algorithm
Select one of the following message digests:
MD5 — Message Digest 5 algorithm, which produces a 128-bit message digest.
SHA1 — Secure Hash Algorithm 1, which produces a 160-bit message digest.
SHA256 — Secure Hash Algorithm 2, which produces a 256-bit message digest.
Note: The Algorithms for encryption and authentication cannot both be NULL.

Authentication Key
Enter an authentication key appropriate to the authentication algorithm:
• for MD5, type a 32-character hexadecimal number separated into two segments of 16 characters.
• for SHA1, type a 40-character hexadecimal number separated into two segments of 16 characters and a third segment of 8 characters.
• for SHA256, type a 64-character hexadecimal number separated into four segments of 16 characters.
Digits can be 0 to 9, and a to f.

IPSec Interface Mode
Create a virtual interface for the local end of the VPN tunnel. Select this check box to create a route-based VPN, clear it to create a policy-based VPN.
This is available only in NAT/Route mode.
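
A format check for the manual keys described above, as an added example that is not part of the Fortinet guide. It assumes a hyphen as the segment separator (the page does not name one) and adds a repeated-digit heuristic that is not a FortiGate rule; all function names are hypothetical.

```python
import re
import secrets

# Hex-digit counts per algorithm, taken from the field descriptions above.
KEY_HEX_LEN = {
    "DES": 16, "3DES": 48, "AES128": 32, "AES192": 48, "AES256": 64,  # encryption
    "MD5": 32, "SHA1": 40, "SHA256": 64,                              # authentication
}
SEP = "-"  # assumption: the guide page does not name the segment separator


def segment_lengths(algorithm):
    """Segments of 16 characters, plus a shorter last one (SHA1: 16, 16, 8)."""
    full, tail = divmod(KEY_HEX_LEN[algorithm], 16)
    return [16] * full + ([tail] if tail else [])


def generate_key(algorithm):
    """Draw a key from the OS CSPRNG and format it in 16-character segments."""
    hex_key = secrets.token_hex(KEY_HEX_LEN[algorithm] // 2)
    return SEP.join(hex_key[i:i + 16] for i in range(0, len(hex_key), 16))


def check_key(algorithm, key):
    """Return a list of problems; an empty list means the key fits the format."""
    problems = []
    segments = key.split(SEP)
    expected = segment_lengths(algorithm)
    if [len(s) for s in segments] != expected:
        problems.append(f"{algorithm} needs segments of {expected} characters")
    digits = "".join(segments)
    if not re.fullmatch(r"[0-9a-f]*", digits):
        problems.append("digits must be 0-9 and a-f")
    # Added heuristic, not a FortiGate rule: hand-typed filler such as 0000...
    if digits and len(set(digits)) <= 2:
        problems.append("key uses at most two distinct digits")
    return problems


def algorithms_allowed(encryption, authentication):
    """Per the note above, the two algorithms cannot both be NULL."""
    return not (encryption == "NULL" and authentication == "NULL")


if __name__ == "__main__":
    for alg in ("AES256", "SHA1"):
        key = generate_key(alg)
        print(alg, key, check_key(alg, key) or "ok")
```

Both tunnel ends must be given the same keys, so generate each key once and run the check on the value before it is entered on either unit.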
Source Interface/Zone         Select the FortiGate unit public interface.
Source Address Name           Select All.
Destination Interface/Zone    Select the FortiGate unit public interface.
Destination Address Name      Select the remote network address name.
Action                        Select IPSEC.
VPN Tunnel                    Select the tunnel that provides access to the private network behind the FortiGate unit.
Inbound NAT                   Select the check box.