{"id":135,"date":"2022-03-11T04:22:51","date_gmt":"2022-03-11T09:22:51","guid":{"rendered":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/chapter\/chapter-4-vpn\/"},"modified":"2025-12-11T14:35:15","modified_gmt":"2025-12-11T19:35:15","slug":"ipsec-vpn","status":"publish","type":"chapter","link":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/chapter\/ipsec-vpn\/","title":{"raw":"4.1 IPsec VPN","rendered":"4.1 IPsec VPN"},"content":{"raw":"<div class=\"textbox textbox--learning-objectives\"><header class=\"textbox__header\">\r\n<p class=\"textbox__title\">Learning Objectives<\/p>\r\n\r\n<\/header>\r\n<div class=\"textbox__content\">\r\n<ul>\r\n \t<li class=\"hanging-indent\">Configure an IPsec VPN<\/li>\r\n \t<li class=\"hanging-indent\">Configure a site-to-site VPN<\/li>\r\n<\/ul>\r\n<\/div>\r\n<\/div>\r\n<div class=\"textbox shaded\"><strong>Scenario<\/strong>: We are going to have IPsec VPN from Windows to FortiGate Firewall. First, we are going to install FortiClient on Windows and then we will configure the firewall for FortiClient. The goal of this scenario is to have connectivity from Windows to PC1. 
You should be able to ping PC1 after you have established your VPN connection.<\/div>\r\n&nbsp;\r\n\r\n[caption id=\"attachment_131\" align=\"aligncenter\" width=\"1203\"]<img class=\"wp-image-98 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/04\/1-4.jpg\" alt=\"IPSEC VPN main scenario\" width=\"1203\" height=\"444\" \/> Figure 4.1: Main scenario[\/caption]\r\n<h2>Configuration<\/h2>\r\n<div align=\"left\">\r\n<table class=\"aligncenter\" style=\"width: 100%\"><caption>Table 4.1: Devices configuration<\/caption>\r\n<tbody>\r\n<tr>\r\n<th style=\"width: 139.975px\" scope=\"col\">Device<\/th>\r\n<th style=\"width: 273.337px\" scope=\"col\">IP address<\/th>\r\n<th style=\"width: 64.3875px\" scope=\"col\">Access<\/th>\r\n<\/tr>\r\n<tr>\r\n<td style=\"width: 139.975px\">WebTerm2<\/td>\r\n<td style=\"width: 273.337px\">192.168.0.2\/24<\/td>\r\n<td style=\"width: 64.3875px\">-<\/td>\r\n<\/tr>\r\n<tr>\r\n<td style=\"width: 139.975px\">VPC<\/td>\r\n<td style=\"width: 273.337px\">DHCP Client<\/td>\r\n<td style=\"width: 64.3875px\">-<\/td>\r\n<\/tr>\r\n<tr>\r\n<td style=\"width: 139.975px\">Ethernet Switch1-2<\/td>\r\n<td style=\"width: 273.337px\">-<\/td>\r\n<td style=\"width: 64.3875px\">-<\/td>\r\n<\/tr>\r\n<tr>\r\n<td style=\"width: 139.975px\">FortiGate<\/td>\r\n<td style=\"width: 273.337px\">Port 1: DHCP Client\r\n\r\nPort 2: 192.168.0.1\/24\r\n\r\nDHCP Server (192.168.0.10 to 192.168.0.20)<\/td>\r\n<td style=\"width: 64.3875px\">ICMP\r\n\r\nHTTP\r\n\r\nHTTPS<\/td>\r\n<\/tr>\r\n<tr>\r\n<td style=\"width: 139.975px\">Windows<\/td>\r\n<td style=\"width: 273.337px\">DHCP Client<\/td>\r\n<td style=\"width: 64.3875px\">-<\/td>\r\n<\/tr>\r\n<\/tbody>\r\n<\/table>\r\n<\/div>\r\n<img class=\"size-full wp-image-1141 aligncenter\" src=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/03\/Screenshot-2025-12-02-1206422222222.png\" alt=\"\" width=\"600\" height=\"313\" \/>\r\n<p 
style=\"text-align: center\"><span style=\"background-color: #ffff00\">Figure 4.2: Basic configuration of port1 and port2<\/span><\/p>\r\n<img class=\"wp-image-1142 size-full aligncenter\" src=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/03\/Screenshot-2025-12-02-1206422222223.png\" alt=\"\" width=\"764\" height=\"704\" \/>\r\n<p style=\"text-align: center\"><span style=\"background-color: #ffff00\">Figure 4.3: Configure static IP address on Webterm2<\/span><\/p>\r\n<span style=\"background-color: #ffff00\">After configuring Port 2, you should be able to access the firewall via WebTerm2. Open a browser and enter: https:\/\/192.168.0.1\u00a0<\/span>\r\n<div class=\"mceTemp\"><\/div>\r\n<div class=\"mceTemp\"><\/div>\r\n<ol>\r\n \t<li>Set a DHCP server on interface port2 (Range of IP address should be: 192.168.0.20 to 192.168.0.30, DNS: 4.2.2.4).\r\n\r\n[caption id=\"attachment_131\" align=\"alignnone\" width=\"1558\"]<img class=\"wp-image-101 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/123.jpg\" alt=\"Set a DHCP server on interface port2 (Range of IP address should be: 192.168.0.20- 192.168.0.30, DNS: 4.2.2.4)\" width=\"1558\" height=\"614\" \/> Figure 4.4: Set DHCP IP address[\/caption]\r\n\r\n[caption id=\"attachment_102\" align=\"aligncenter\" width=\"450\"]<img class=\"wp-image-102\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/DHCP-IP-Active-Config.png\" alt=\"Enable DHCP client\" width=\"450\" height=\"419\" \/> Figure 4.5: Enable DHCP client[\/caption]\r\n\r\n<div class=\"mceTemp\"><\/div><\/li>\r\n \t<li>Go to <strong>User &amp; Authentication<\/strong> &gt; <strong>User Group<\/strong> &gt; <strong>Create New<\/strong>:\r\n<ul>\r\n \t<li>Name: <strong>VPN_GRP_A0ID<\/strong><\/li>\r\n \t<li>TYPE:<strong> Firewall<\/strong><\/li>\r\n<\/ul>\r\n[caption id=\"attachment_104\" align=\"aligncenter\" 
width=\"500\"]<img class=\"wp-image-104\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/Create-User-Group.png\" alt=\"Create a User Groups\" width=\"500\" height=\"284\" \/> Figure 4.7: Create a user group[\/caption]\r\n\r\n[caption id=\"attachment_131\" align=\"aligncenter\" width=\"1267\"]<img class=\"wp-image-105 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/Create-User-Group-2-.png\" alt=\"Create a group in the firewall\" width=\"1267\" height=\"703\" \/> Figure 4.8: Create a group in the firewall[\/caption]<\/li>\r\n \t<li>Go to <strong>User &amp; Authentication<\/strong> &gt; <strong>User Definition<\/strong> &gt; <strong>Create a User<\/strong>:\r\n\r\n[caption id=\"attachment_131\" align=\"alignnone\" width=\"1272\"]<img class=\"wp-image-106 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition.png\" alt=\"Create a new user\" width=\"1272\" height=\"711\" \/> Figure 4.9: Create a new user[\/caption]\r\n\r\n[caption id=\"attachment_131\" align=\"alignnone\" width=\"1278\"]<img class=\"wp-image-107 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-2-.png\" alt=\"Create a Local User\" width=\"1278\" height=\"714\" \/> Figure 4.10: Create a local user[\/caption]\r\n\r\n[caption id=\"attachment_131\" align=\"alignnone\" width=\"1274\"]<img class=\"wp-image-108 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-3-.png\" alt=\"Configure a login credentials for the user\" width=\"1274\" height=\"718\" \/> Figure 4.11: Configure login credentials for the user[\/caption]\r\n\r\n[caption id=\"attachment_131\" align=\"alignnone\" width=\"1271\"]<img class=\"wp-image-109 size-full\" 
src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-4-.png\" alt=\"Enter Contact Info\" width=\"1271\" height=\"718\" \/> Figure 4.12: Contact info[\/caption]<\/li>\r\n \t<li>Assign User Group to your profile.\r\n\r\n[caption id=\"attachment_131\" align=\"alignnone\" width=\"1274\"]<img class=\"wp-image-110 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-5-.png\" alt=\"Assign a user to the group\" width=\"1274\" height=\"718\" \/> Figure 4.13: Assign a user to the group[\/caption]\r\n\r\n[caption id=\"attachment_131\" align=\"alignnone\" width=\"1269\"]<img class=\"wp-image-111 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-6-.png\" alt=\"Verify configuration\" width=\"1269\" height=\"721\" \/> Figure 4.14: Verify configuration[\/caption]<\/li>\r\n \t<li>Go to <strong>VPN<\/strong> &gt; <strong>IPsec Wizard<\/strong>.\r\n<ol>\r\n \t<li>First:\r\n<ul>\r\n \t<li>Select Name: <strong>A0ID- VPN<\/strong> (A0ID is a student ID)<\/li>\r\n \t<li>Template Type: <strong>Remote Access<\/strong><\/li>\r\n \t<li>Remote Type Device: <strong>FortiClient<\/strong><\/li>\r\n<\/ul>\r\n[caption id=\"attachment_131\" align=\"alignnone\" width=\"1270\"]<img class=\"wp-image-112 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/VPN-2-png.png\" alt=\"Create a VPN connection\" width=\"1270\" height=\"711\" \/> Figure 4.15: Create a VPN connection[\/caption]<\/li>\r\n \t<li>Then:\r\n<ul>\r\n \t<li>Incoming Interface: <strong>Port1<\/strong><\/li>\r\n \t<li>Pre-shared Key: &lt;Select a key like a password&gt;<\/li>\r\n \t<li>User Group: <strong>VPN_GRP_A0ID<\/strong><\/li>\r\n<\/ul>\r\n[caption id=\"attachment_131\" align=\"alignnone\" width=\"1272\"]<img class=\"wp-image-113 
size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/VPN-3.png\" alt=\"Configure Authentication\" width=\"1272\" height=\"724\" \/> Figure 4.16: Configure authentication[\/caption]<\/li>\r\n \t<li>Next:\r\n<ul>\r\n \t<li>Local Interface: <strong>Port 2<\/strong><\/li>\r\n \t<li>Local Address: Add your local IP address range (192.168.0.0\/24)<\/li>\r\n \t<li>Client Range: <strong>172.16.0.1 to 172.16.0.10<\/strong><\/li>\r\n \t<li>Subnet Mask: <strong>255.255.255.0<\/strong><\/li>\r\n \t<li><strong>Disable Split Tunneling<\/strong><\/li>\r\n<\/ul>\r\n[caption id=\"attachment_131\" align=\"alignnone\" width=\"1273\"]<img class=\"wp-image-114 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/VPN-7.png\" alt=\"Configure Policy &amp; Routing\" width=\"1273\" height=\"714\" \/> Figure 4.17: Configure Policy &amp; Routing[\/caption]\r\n\r\n[caption id=\"attachment_131\" align=\"alignnone\" width=\"1279\"]<img class=\"wp-image-115 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/VPN9.png\" alt=\"Review Settings\" width=\"1279\" height=\"712\" \/> Figure 4.18: Review Settings[\/caption]<\/li>\r\n<\/ol>\r\n<\/li>\r\n \t<li>On the Windows machine, <a href=\"https:\/\/www.fortinet.com\/products\/endpoint-security\/forticlient\">download FortiClient from Fortinet<\/a>. Install FortiClient and configure IPsec as set in the previous steps. 
Your remote Gateway IP should be the Port1 IP address.\r\n\r\n[caption id=\"attachment_131\" align=\"aligncenter\" width=\"1287\"]<img class=\"wp-image-116 size-full\" style=\"text-align: initial;font-size: 14pt\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-10-.png\" alt=\"Download FortiClient from https:\/\/www.forticlient.com\/downloads Install the Forti Client and configure IPSEC as set in the previous steps\" width=\"1287\" height=\"718\" \/> Figure 4.19: Install FortiClient on Windows[\/caption]<\/li>\r\n \t<li>\r\n\r\n[caption id=\"attachment_117\" align=\"aligncenter\" width=\"450\"]<img class=\"wp-image-117\" style=\"font-size: 18.6667px\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-12-.png\" alt=\"Configure VPN in FortiClient\" width=\"450\" height=\"292\" \/> Figure 4.20: Configure VPN in FortiClient[\/caption]<\/li>\r\n \t<li>\r\n\r\n[caption id=\"attachment_118\" align=\"aligncenter\" width=\"450\"]<img class=\"wp-image-118\" style=\"font-size: 18.6667px\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-11-.png\" alt=\"Accept FortiClient Free License\" width=\"450\" height=\"295\" \/> Figure 4.21: Accept FortiClient Free Licence[\/caption]<\/li>\r\n \t<li>\r\n\r\n[caption id=\"attachment_131\" align=\"aligncenter\" width=\"1279\"]<img class=\"wp-image-119 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-13-.png\" alt=\"Port1 IP Address\" width=\"1279\" height=\"714\" \/> Figure 4.22: Port1 IP Address[\/caption]<\/li>\r\n \t<li>\r\n\r\n[caption id=\"attachment_131\" align=\"aligncenter\" width=\"1101\"]<img class=\"wp-image-120 size-full\" style=\"text-align: initial;font-size: 14pt\" 
src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-14-.png\" alt=\"Configure FortiClient Remote Gateway and Pre-shared key\" width=\"1101\" height=\"720\" \/> Figure 4.23: Configure FortiClient Remote Gateway and Pre-shared key[\/caption]<\/li>\r\n \t<li>You should be able to ping from Windows to VPC.\r\n\r\n[caption id=\"attachment_131\" align=\"aligncenter\" width=\"1280\"]<img class=\"wp-image-121 size-full\" style=\"text-align: initial;font-size: 14pt\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-15.png\" alt=\"You should be able to ping from Windows to VPC.\" width=\"1280\" height=\"715\" \/> Figure 4.24: Verify configuration[\/caption]<\/li>\r\n<\/ol>\r\n<h2>Site-to-Site VPN (IPsec VPN)<\/h2>\r\n<div class=\"textbox shaded\"><strong>Scenario: <\/strong>We are going to set up an IPsec VPN from WebTerm1 to WebTerm2. First, we are going to configure both firewalls using the IPsec VPN Wizard, and then we will verify connectivity from WebTerm1 to WebTerm2.<\/div>\r\n\r\n[caption id=\"attachment_131\" align=\"aligncenter\" width=\"1075\"]<img class=\"wp-image-122 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/3-1.jpg\" alt=\"main scenario\" width=\"1075\" height=\"415\" \/> Figure 4.25: Main scenario[\/caption]\r\n\r\nTo validate the firewalls' licences, we are going to connect them to the Internet.\r\n\r\n[caption id=\"attachment_131\" align=\"aligncenter\" width=\"1054\"]<img class=\"wp-image-123 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/4-2.jpg\" alt=\"Validate firewall licenses\" width=\"1054\" height=\"648\" \/> Figure 4.26: Validate firewall licences[\/caption]\r\n\r\n<div align=\"left\">\r\n<table class=\"aligncenter\" style=\"width: 100%\"><caption>Table 4.2: Devices configuration<\/caption>\r\n<tbody>\r\n<tr style=\"height: 
18px\">\r\n<th style=\"width: 118px;height: 18px\" scope=\"col\">Device<\/th>\r\n<th style=\"width: 165px;height: 18px\" scope=\"col\">IP address<\/th>\r\n<th style=\"width: 213px;height: 18px\" scope=\"col\">Access<\/th>\r\n<\/tr>\r\n<tr style=\"height: 18px\">\r\n<td style=\"width: 118px;height: 18px\">Fortigate1<\/td>\r\n<td style=\"width: 165px;height: 18px\">10.10.10.1\/24<\/td>\r\n<td style=\"width: 213px;height: 18px\">ICMP-HTTP-HTTPS<\/td>\r\n<\/tr>\r\n<tr style=\"height: 18px\">\r\n<td style=\"width: 118px;height: 18px\">Fortigate2<\/td>\r\n<td style=\"width: 165px;height: 18px\">10.10.10.2\/24<\/td>\r\n<td style=\"width: 213px;height: 18px\">ICMP-HTTP-HTTPS<\/td>\r\n<\/tr>\r\n<tr style=\"height: 18px\">\r\n<td style=\"width: 118px;height: 18px\">WebTerm1<\/td>\r\n<td style=\"width: 165px;height: 18px\">192.168.20.2\/24<\/td>\r\n<td style=\"width: 213px;height: 18px\">-<\/td>\r\n<\/tr>\r\n<tr style=\"height: 18px\">\r\n<td style=\"width: 118px;height: 18px\">WebTerm2<\/td>\r\n<td style=\"width: 165px;height: 18px\">192.168.10.2\/24<\/td>\r\n<td style=\"width: 213px;height: 18px\">-<\/td>\r\n<\/tr>\r\n<\/tbody>\r\n<\/table>\r\n<\/div>\r\n<div class=\"textbox shaded\"><span style=\"background-color: #ffff00\"><strong>Note:<\/strong> Port1 is used for firewall licensing. Once the license is successfully applied, you can disconnect port1.<\/span><\/div>\r\n<div class=\"mceTemp\"><\/div>\r\n<ol>\r\n \t<li>On FG1, go to\u00a0<strong>VPN &gt; IPsec Wizard<\/strong> and select Site to Site \u2013 FortiGate.\r\n\r\n[caption id=\"attachment_124\" align=\"aligncenter\" width=\"1133\"]<img class=\"wp-image-124 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/5-1.jpg\" alt=\"\" width=\"1133\" height=\"557\" \/> Figure 4.27: VPN Setup[\/caption]<\/li>\r\n \t<li>Select <strong>Site2Site\/ FortiGate \/No Nat. 
<\/strong>Enter Remote IP: <strong>10.10.10.2\/24<\/strong>, outgoing interface: <strong>port3<\/strong>.\r\n\r\n[caption id=\"attachment_125\" align=\"aligncenter\" width=\"1133\"]<img class=\"wp-image-125 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/6-2.jpg\" alt=\"Select Site2Site\/ FortiGate \/No Nat\" width=\"1133\" height=\"569\" \/> Figure 4.28: Authentication[\/caption]<\/li>\r\n \t<li>Local Interface: port2, IP: <strong>192.168.20.0\/24<\/strong>, Remote subnet: <strong>192.168.10.0\/24<\/strong>. Through the wizard, FortiGate creates two policies and two static routes in the firewall.\r\n\r\n[caption id=\"attachment_131\" align=\"aligncenter\" width=\"1152\"]<img class=\"wp-image-126 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/7.jpg\" alt=\"Local Interface: port2 \u00a0 IP: 192.168.20.0\/24, Remote subnet: 192.168.10.0\/24\" width=\"1152\" height=\"620\" \/> Figure 4.29: Policy &amp; Routing[\/caption]<\/li>\r\n \t<li>On the FG2, go to <strong>VPN &gt; IPsec Wizard<\/strong> and select Site-to-Site \u2013 FortiGate.\r\n\r\n[caption id=\"attachment_127\" align=\"alignnone\" width=\"1104\"]<img class=\"wp-image-127 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/8-1.jpg\" alt=\"\" width=\"1104\" height=\"643\" \/> Figure 4.30: Set up FG2[\/caption]<\/li>\r\n \t<li>Do the same configuration for FG2 (remote IP is 10.10.10.1\/24 and local IP is 192.168.10.0\/24).\r\n\r\n[caption id=\"attachment_131\" align=\"aligncenter\" width=\"1121\"]<img class=\"wp-image-128 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/9-1.jpg\" alt=\"(remote IP is 10.10.10.1\/24 and local IP is 192.168.10.0\/24)\" width=\"1121\" height=\"602\" \/> Figure 4.31: Authentication in FG2[\/caption]<\/li>\r\n \t<li>\r\n\r\n[caption 
id=\"attachment_131\" align=\"aligncenter\" width=\"1079\"]<img class=\"wp-image-129 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/10-1.jpg\" alt=\"Step 6- Policy &amp; Routing in FG2\" width=\"1079\" height=\"639\" \/> Figure 4.32: Policy &amp; Routing in FG2[\/caption]<\/li>\r\n \t<li>\r\n\r\n[caption id=\"attachment_131\" align=\"aligncenter\" width=\"1219\"]<img class=\"wp-image-130 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/11-1.jpg\" alt=\"Configure IPsec Tunnels\" width=\"1219\" height=\"268\" \/> Figure 4.33: Configure IPsec Tunnels[\/caption]\r\n\r\nThen, go to your IPsec Tunnels and double-click on Inactive.\r\n\r\nOn the next window, right-click on the <strong>tunnel<\/strong> &gt; <strong>Bring UP<\/strong> &gt; <strong>All Phase 2 selectors<\/strong>. Then, your tunnel should be up!\r\n\r\n[caption id=\"attachment_131\" align=\"aligncenter\" width=\"1186\"]<img class=\"wp-image-131 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/12.jpg\" alt=\"Bring up IPsec Tunnel\" width=\"1186\" height=\"577\" \/> Figure 4.34: Bring up IPsec Tunnel[\/caption]\r\n\r\n[caption id=\"attachment_131\" align=\"aligncenter\" width=\"1266\"]<img class=\"wp-image-337 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/13-1.jpg\" alt=\"Verify the status of the tunnel\" width=\"1266\" height=\"457\" \/> Figure 4.35: Verify the status of the tunnel[\/caption]<\/li>\r\n \t<li><span style=\"background-color: #ffff00\">Go to <strong>Logs &amp; Reports<\/strong> &gt; <strong>Event<\/strong> &gt; <strong>VPN Event<\/strong> and verify your configuration<\/span>.<\/li>\r\n \t<li>\r\n\r\n[caption id=\"attachment_1117\" align=\"aligncenter\" width=\"997\"]<img class=\"wp-image-1117 size-full\" 
src=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/03\/Screenshot-2025-11-26-122429.png\" alt=\"\" width=\"997\" height=\"521\" \/> Figure 4.36: Verify the logs[\/caption]<\/li>\r\n \t<li>You should be able to ping from WebTerm1 to WebTerm2.\r\n\r\n[caption id=\"attachment_131\" align=\"aligncenter\" width=\"800\"]<img class=\"wp-image-338 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/14-1.jpg\" alt=\"You should be able to ping from WebTerm 1 to WebTerm 2\" width=\"800\" height=\"509\" \/> Figure 4.37: Verify configuration[\/caption]<\/li>\r\n<\/ol>","rendered":"<div class=\"textbox textbox--learning-objectives\">\n<header class=\"textbox__header\">\n<p class=\"textbox__title\">Learning Objectives<\/p>\n<\/header>\n<div class=\"textbox__content\">\n<ul>\n<li class=\"hanging-indent\">Configure an IPsec VPN<\/li>\n<li class=\"hanging-indent\">Configure a site-to-site VPN<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<div class=\"textbox shaded\"><strong>Scenario<\/strong>: We are going to have IPsec VPN from Windows to FortiGate Firewall. First, we are going to install FortiClient on Windows and then we will configure the firewall for FortiClient. The goal of this scenario is to have connectivity from Windows to PC1. 
You should be able to ping PC1 after you have established your VPN connection.<\/div>\n<p>&nbsp;<\/p>\n<figure id=\"attachment_131\" aria-describedby=\"caption-attachment-131\" style=\"width: 1203px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-98 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/04\/1-4.jpg\" alt=\"IPSEC VPN main scenario\" width=\"1203\" height=\"444\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/1-4.jpg 1203w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/1-4-300x111.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/1-4-1024x378.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/1-4-768x283.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/1-4-65x24.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/1-4-225x83.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/04\/1-4-350x129.jpg 350w\" sizes=\"auto, (max-width: 1203px) 100vw, 1203px\" \/><figcaption id=\"caption-attachment-131\" class=\"wp-caption-text\">Figure 4.1: Main scenario<\/figcaption><\/figure>\n<h2>Configuration<\/h2>\n<div style=\"text-align: left;\">\n<table class=\"aligncenter\" style=\"width: 100%\">\n<caption>Table 4.1: Devices configuration<\/caption>\n<tbody>\n<tr>\n<th style=\"width: 139.975px\" scope=\"col\">Device<\/th>\n<th style=\"width: 273.337px\" scope=\"col\">IP address<\/th>\n<th style=\"width: 64.3875px\" scope=\"col\">Access<\/th>\n<\/tr>\n<tr>\n<td style=\"width: 139.975px\">WebTerm2<\/td>\n<td style=\"width: 273.337px\">192.168.0.2\/24<\/td>\n<td style=\"width: 
64.3875px\">&#8211;<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 139.975px\">VPC<\/td>\n<td style=\"width: 273.337px\">DHCP Client<\/td>\n<td style=\"width: 64.3875px\">&#8211;<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 139.975px\">Ethernet Switch1-2<\/td>\n<td style=\"width: 273.337px\">&#8211;<\/td>\n<td style=\"width: 64.3875px\">&#8211;<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 139.975px\">FortiGate<\/td>\n<td style=\"width: 273.337px\">Port 1: DHCP Client<\/p>\n<p>Port 2: 192.168.0.1\/24<\/p>\n<p>DHCP Server (192.168.0.10 to 192.168.0.20)<\/td>\n<td style=\"width: 64.3875px\">ICMP<\/p>\n<p>HTTP<\/p>\n<p>HTTPS<\/td>\n<\/tr>\n<tr>\n<td style=\"width: 139.975px\">Windows<\/td>\n<td style=\"width: 273.337px\">DHCP Client<\/td>\n<td style=\"width: 64.3875px\">&#8211;<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1141 aligncenter\" src=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/03\/Screenshot-2025-12-02-1206422222222.png\" alt=\"\" width=\"600\" height=\"313\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/03\/Screenshot-2025-12-02-1206422222222.png 600w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/03\/Screenshot-2025-12-02-1206422222222-300x157.png 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/03\/Screenshot-2025-12-02-1206422222222-65x34.png 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/03\/Screenshot-2025-12-02-1206422222222-225x117.png 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/03\/Screenshot-2025-12-02-1206422222222-350x183.png 350w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/p>\n<p style=\"text-align: center\"><span style=\"background-color: #ffff00\">Figure 4.2: Basic 
configuration of port1 and port2<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-1142 size-full aligncenter\" src=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/03\/Screenshot-2025-12-02-1206422222223.png\" alt=\"\" width=\"764\" height=\"704\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/03\/Screenshot-2025-12-02-1206422222223.png 764w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/03\/Screenshot-2025-12-02-1206422222223-300x276.png 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/03\/Screenshot-2025-12-02-1206422222223-65x60.png 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/03\/Screenshot-2025-12-02-1206422222223-225x207.png 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/03\/Screenshot-2025-12-02-1206422222223-350x323.png 350w\" sizes=\"auto, (max-width: 764px) 100vw, 764px\" \/><\/p>\n<p style=\"text-align: center\"><span style=\"background-color: #ffff00\">Figure 4.3: Configure static IP address on Webterm2<\/span><\/p>\n<p><span style=\"background-color: #ffff00\">After configuring Port 2, you should be able to access the firewall via WebTerm2. 
Open a browser and enter: https:\/\/192.168.0.1\u00a0<\/span><\/p>\n<div class=\"mceTemp\"><\/div>\n<div class=\"mceTemp\"><\/div>\n<ol>\n<li>Set a DHCP server on interface port2 (Range of IP address should be: 192.168.0.20 to 192.168.0.30, DNS: 4.2.2.4).<br \/>\n<figure id=\"attachment_131\" aria-describedby=\"caption-attachment-131\" style=\"width: 1558px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-101 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/123.jpg\" alt=\"Set a DHCP server on interface port2 (Range of IP address should be: 192.168.0.20- 192.168.0.30, DNS: 4.2.2.4)\" width=\"1558\" height=\"614\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/123.jpg 1558w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/123-300x118.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/123-1024x404.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/123-768x303.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/123-1536x605.jpg 1536w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/123-65x26.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/123-225x89.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/123-350x138.jpg 350w\" sizes=\"auto, (max-width: 1558px) 100vw, 1558px\" \/><figcaption id=\"caption-attachment-131\" class=\"wp-caption-text\">Figure 4.4: Set DHCP IP address<\/figcaption><\/figure>\n<figure id=\"attachment_102\" aria-describedby=\"caption-attachment-102\" style=\"width: 450px\" class=\"wp-caption aligncenter\"><img 
loading=\"lazy\" decoding=\"async\" class=\"wp-image-102\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/DHCP-IP-Active-Config.png\" alt=\"Enable DHCP client\" width=\"450\" height=\"419\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/DHCP-IP-Active-Config.png 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/DHCP-IP-Active-Config-300x279.png 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/DHCP-IP-Active-Config-65x61.png 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/DHCP-IP-Active-Config-225x209.png 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/DHCP-IP-Active-Config-350x326.png 350w\" sizes=\"auto, (max-width: 450px) 100vw, 450px\" \/><figcaption id=\"caption-attachment-102\" class=\"wp-caption-text\">Figure 4.5: Enable DHCP client<\/figcaption><\/figure>\n<div class=\"mceTemp\"><\/div>\n<\/li>\n<li>Go to <strong>User &amp; Authentication<\/strong> &gt; <strong>User Group<\/strong> &gt; <strong>Create New<\/strong>:\n<ul>\n<li>Name: <strong>VPN_GRP_A0ID<\/strong><\/li>\n<li>TYPE:<strong> Firewall<\/strong><\/li>\n<\/ul>\n<figure id=\"attachment_104\" aria-describedby=\"caption-attachment-104\" style=\"width: 500px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-104\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/Create-User-Group.png\" alt=\"Create a User Groups\" width=\"500\" height=\"284\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Create-User-Group.png 1268w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Create-User-Group-300x171.png 
300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Create-User-Group-1024x582.png 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Create-User-Group-768x437.png 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Create-User-Group-65x37.png 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Create-User-Group-225x128.png 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Create-User-Group-350x199.png 350w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><figcaption id=\"caption-attachment-104\" class=\"wp-caption-text\">Figure 4.7: Create a user group<\/figcaption><\/figure>\n<figure id=\"attachment_131\" aria-describedby=\"caption-attachment-131\" style=\"width: 1267px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-105 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/Create-User-Group-2-.png\" alt=\"Create a group in the firewall\" width=\"1267\" height=\"703\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Create-User-Group-2-.png 1267w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Create-User-Group-2--300x166.png 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Create-User-Group-2--1024x568.png 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Create-User-Group-2--768x426.png 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Create-User-Group-2--65x36.png 65w, 
https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Create-User-Group-2--225x125.png 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Create-User-Group-2--350x194.png 350w\" sizes=\"auto, (max-width: 1267px) 100vw, 1267px\" \/><figcaption id=\"caption-attachment-131\" class=\"wp-caption-text\">Figure 4.8: Create a group in the firewall<\/figcaption><\/figure>\n<\/li>\n<li>Go to <strong>User &amp; Authentication<\/strong> &gt; <strong>User Definition<\/strong> &gt; <strong>Create a User<\/strong>:<br \/>\n<figure id=\"attachment_131\" aria-describedby=\"caption-attachment-131\" style=\"width: 1272px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-106 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition.png\" alt=\"Create a new user\" width=\"1272\" height=\"711\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition.png 1272w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-300x168.png 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-1024x572.png 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-768x429.png 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-65x36.png 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-225x126.png 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-350x196.png 350w\" sizes=\"auto, (max-width: 1272px) 100vw, 1272px\" \/><figcaption id=\"caption-attachment-131\" 
class=\"wp-caption-text\">Figure 4.9: Create a new user<\/figcaption><\/figure>\n<figure id=\"attachment_131\" aria-describedby=\"caption-attachment-131\" style=\"width: 1278px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-107 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-2-.png\" alt=\"Create a Local User\" width=\"1278\" height=\"714\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-2-.png 1278w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-2--300x168.png 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-2--1024x572.png 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-2--768x429.png 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-2--65x36.png 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-2--225x126.png 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-2--350x196.png 350w\" sizes=\"auto, (max-width: 1278px) 100vw, 1278px\" \/><figcaption id=\"caption-attachment-131\" class=\"wp-caption-text\">Figure 4.10: Create a local user<\/figcaption><\/figure>\n<figure id=\"attachment_131\" aria-describedby=\"caption-attachment-131\" style=\"width: 1274px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-108 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-3-.png\" alt=\"Configure a login credentials for the user\" width=\"1274\" height=\"718\" 
srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-3-.png 1274w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-3--300x169.png 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-3--1024x577.png 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-3--768x433.png 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-3--65x37.png 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-3--225x127.png 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-3--350x197.png 350w\" sizes=\"auto, (max-width: 1274px) 100vw, 1274px\" \/><figcaption id=\"caption-attachment-131\" class=\"wp-caption-text\">Figure 4.11: Configure login credentials for the user<\/figcaption><\/figure>\n<figure id=\"attachment_131\" aria-describedby=\"caption-attachment-131\" style=\"width: 1271px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-109 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-4-.png\" alt=\"Enter Contact Info\" width=\"1271\" height=\"718\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-4-.png 1271w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-4--300x169.png 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-4--1024x578.png 1024w, 
https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-4--768x434.png 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-4--65x37.png 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-4--225x127.png 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-4--350x198.png 350w\" sizes=\"auto, (max-width: 1271px) 100vw, 1271px\" \/><figcaption id=\"caption-attachment-131\" class=\"wp-caption-text\">Figure 4.12: Contact info<\/figcaption><\/figure>\n<\/li>\n<li>Assign User Group to your profile.<br \/>\n<figure id=\"attachment_131\" aria-describedby=\"caption-attachment-131\" style=\"width: 1274px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-110 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-5-.png\" alt=\"Assign a user to the group\" width=\"1274\" height=\"718\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-5-.png 1274w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-5--300x169.png 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-5--1024x577.png 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-5--768x433.png 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-5--65x37.png 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-5--225x127.png 225w, 
https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-5--350x197.png 350w\" sizes=\"auto, (max-width: 1274px) 100vw, 1274px\" \/><figcaption id=\"caption-attachment-131\" class=\"wp-caption-text\">Figure 4.13: Assign a user to the group<\/figcaption><\/figure>\n<figure id=\"attachment_131\" aria-describedby=\"caption-attachment-131\" style=\"width: 1269px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-111 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-6-.png\" alt=\"Verify configuration\" width=\"1269\" height=\"721\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-6-.png 1269w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-6--300x170.png 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-6--1024x582.png 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-6--768x436.png 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-6--65x37.png 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-6--225x128.png 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/User-Defenition-6--350x199.png 350w\" sizes=\"auto, (max-width: 1269px) 100vw, 1269px\" \/><figcaption id=\"caption-attachment-131\" class=\"wp-caption-text\">Figure 4.14: Verify configuration<\/figcaption><\/figure>\n<\/li>\n<li>Go to <strong>VPN<\/strong> &gt; <strong>IPsec Wizard<\/strong>.\n<ol>\n<li>First:\n<ul>\n<li>Name: <strong>A0ID-VPN<\/strong> (A0ID is a student ID)<\/li>
\n<li>Template Type: <strong>Remote Access<\/strong><\/li>\n<li>Remote Type Device: <strong>FortiClient<\/strong><\/li>\n<\/ul>\n<figure id=\"attachment_131\" aria-describedby=\"caption-attachment-131\" style=\"width: 1270px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-112 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/VPN-2-png.png\" alt=\"Create a VPN connection\" width=\"1270\" height=\"711\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/VPN-2-png.png 1270w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/VPN-2-png-300x168.png 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/VPN-2-png-1024x573.png 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/VPN-2-png-768x430.png 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/VPN-2-png-65x36.png 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/VPN-2-png-225x126.png 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/VPN-2-png-350x196.png 350w\" sizes=\"auto, (max-width: 1270px) 100vw, 1270px\" \/><figcaption id=\"caption-attachment-131\" class=\"wp-caption-text\">Figure 4.15: Create a VPN connection<\/figcaption><\/figure>\n<\/li>\n<li>Then:\n<ul>\n<li>Incoming Interface: <strong>Port1<\/strong><\/li>\n<li>Pre-shared Key: &lt;Select a key like a password&gt;<\/li>\n<li>User Group: <strong>VPN_GRP_A0ID<\/strong><\/li>\n<\/ul>\n<figure id=\"attachment_131\" aria-describedby=\"caption-attachment-131\" style=\"width: 1272px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" 
class=\"wp-image-113 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/VPN-3.png\" alt=\"Configure Authentication\" width=\"1272\" height=\"724\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/VPN-3.png 1272w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/VPN-3-300x171.png 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/VPN-3-1024x583.png 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/VPN-3-768x437.png 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/VPN-3-65x37.png 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/VPN-3-225x128.png 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/VPN-3-350x199.png 350w\" sizes=\"auto, (max-width: 1272px) 100vw, 1272px\" \/><figcaption id=\"caption-attachment-131\" class=\"wp-caption-text\">Figure 4.16: Configure authentication<\/figcaption><\/figure>\n<\/li>\n<li>Next:\n<ul>\n<li>Local Interface: <strong>Port 2<\/strong><\/li>\n<li>Local Address: Add your local range of IP address (192.168.0.0\/24)<\/li>\n<li>Client Range: <strong>172.16.0.1 to 172.16.0.10<\/strong><\/li>\n<li>Subnet Mask: <strong>255.255.255.0<\/strong><\/li>\n<li><strong>Disable Split Tunneling<\/strong><\/li>\n<\/ul>\n<figure id=\"attachment_131\" aria-describedby=\"caption-attachment-131\" style=\"width: 1273px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-114 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/VPN-7.png\" alt=\"Configure Policy &amp; Routing\" width=\"1273\" height=\"714\" 
srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/VPN-7.png 1273w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/VPN-7-300x168.png 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/VPN-7-1024x574.png 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/VPN-7-768x431.png 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/VPN-7-65x36.png 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/VPN-7-225x126.png 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/VPN-7-350x196.png 350w\" sizes=\"auto, (max-width: 1273px) 100vw, 1273px\" \/><figcaption id=\"caption-attachment-131\" class=\"wp-caption-text\">Figure 4.17: Configure Policy &amp; Routing<\/figcaption><\/figure>\n<figure id=\"attachment_131\" aria-describedby=\"caption-attachment-131\" style=\"width: 1279px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-115 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/VPN9.png\" alt=\"Review Settings\" width=\"1279\" height=\"712\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/VPN9.png 1279w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/VPN9-300x167.png 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/VPN9-1024x570.png 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/VPN9-768x428.png 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/VPN9-65x36.png 
65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/VPN9-225x125.png 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/VPN9-350x195.png 350w\" sizes=\"auto, (max-width: 1279px) 100vw, 1279px\" \/><figcaption id=\"caption-attachment-131\" class=\"wp-caption-text\">Figure 4.18: Review Settings<\/figcaption><\/figure>\n<\/li>\n<\/ol>\n<\/li>\n<li>On the Windows machine, <a href=\"https:\/\/www.fortinet.com\/products\/endpoint-security\/forticlient\">download FortiClient from Fortinet<\/a>. Install FortiClient and configure IPsec with the settings from the previous steps. The Remote Gateway IP should be the FortiGate's Port1 IP address.<br \/>\n<figure id=\"attachment_131\" aria-describedby=\"caption-attachment-131\" style=\"width: 1287px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-116 size-full\" style=\"text-align: initial;font-size: 14pt\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-10-.png\" alt=\"Download FortiClient from https:\/\/www.forticlient.com\/downloads Install the Forti Client and configure IPSEC as set in the previous steps\" width=\"1287\" height=\"718\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-10-.png 1287w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-10--300x167.png 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-10--1024x571.png 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-10--768x428.png 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-10--65x36.png 65w, 
https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-10--225x126.png 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-10--350x195.png 350w\" sizes=\"auto, (max-width: 1287px) 100vw, 1287px\" \/><figcaption id=\"caption-attachment-131\" class=\"wp-caption-text\">Figure 4.19: Install FortiClient on Windows<\/figcaption><\/figure>\n<\/li>\n<li>\n<figure id=\"attachment_117\" aria-describedby=\"caption-attachment-117\" style=\"width: 450px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-117\" style=\"font-size: 18.6667px\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-12-.png\" alt=\"Configure VPN in FortiClient\" width=\"450\" height=\"292\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-12-.png 1102w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-12--300x195.png 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-12--1024x665.png 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-12--768x499.png 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-12--65x42.png 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-12--225x146.png 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-12--350x227.png 350w\" sizes=\"auto, (max-width: 450px) 100vw, 450px\" \/><figcaption id=\"caption-attachment-117\" class=\"wp-caption-text\">Figure 4.20: Configure VPN in 
FortiClient<\/figcaption><\/figure>\n<\/li>\n<li>\n<figure id=\"attachment_118\" aria-describedby=\"caption-attachment-118\" style=\"width: 450px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-118\" style=\"font-size: 18.6667px\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-11-.png\" alt=\"Accept FortiClient Free License\" width=\"450\" height=\"295\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-11-.png 1099w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-11--300x197.png 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-11--1024x672.png 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-11--768x504.png 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-11--65x43.png 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-11--225x148.png 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-11--350x230.png 350w\" sizes=\"auto, (max-width: 450px) 100vw, 450px\" \/><figcaption id=\"caption-attachment-118\" class=\"wp-caption-text\">Figure 4.21: Accept FortiClient Free Licence<\/figcaption><\/figure>\n<\/li>\n<li>\n<figure id=\"attachment_131\" aria-describedby=\"caption-attachment-131\" style=\"width: 1279px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-119 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-13-.png\" alt=\"Port1 IP Address\" width=\"1279\" height=\"714\" 
srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-13-.png 1279w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-13--300x167.png 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-13--1024x572.png 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-13--768x429.png 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-13--65x36.png 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-13--225x126.png 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-13--350x195.png 350w\" sizes=\"auto, (max-width: 1279px) 100vw, 1279px\" \/><figcaption id=\"caption-attachment-131\" class=\"wp-caption-text\">Figure 4.22: Port1 IP Address<\/figcaption><\/figure>\n<\/li>\n<li>\n<figure id=\"attachment_131\" aria-describedby=\"caption-attachment-131\" style=\"width: 1101px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-120 size-full\" style=\"text-align: initial;font-size: 14pt\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-14-.png\" alt=\"Configure FortiClient Remote Gateway and Pre-shared key\" width=\"1101\" height=\"720\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-14-.png 1101w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-14--300x196.png 300w, 
https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-14--1024x670.png 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-14--768x502.png 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-14--65x43.png 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-14--225x147.png 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-14--350x229.png 350w\" sizes=\"auto, (max-width: 1101px) 100vw, 1101px\" \/><figcaption id=\"caption-attachment-131\" class=\"wp-caption-text\">Figure 4.23: Configure FortiClient Remote Gateway and Pre-shared key<\/figcaption><\/figure>\n<\/li>\n<li>You should be able to ping from Windows to VPC.<br \/>\n<figure id=\"attachment_131\" aria-describedby=\"caption-attachment-131\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-121 size-full\" style=\"text-align: initial;font-size: 14pt\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-15.png\" alt=\"You should be to ping from windows to VPC.\" width=\"1280\" height=\"715\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-15.png 1280w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-15-300x168.png 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-15-1024x572.png 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-15-768x429.png 768w, 
https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-15-65x36.png 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-15-225x126.png 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/Windows-Machine-15-350x196.png 350w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-131\" class=\"wp-caption-text\">Figure 4.24: Verify configuration<\/figcaption><\/figure>\n<\/li>\n<\/ol>\n<h2>Site-to-Site VPN (IPsec VPN)<\/h2>\n<div class=\"textbox shaded\"><strong>Scenario: <\/strong>We are going to set up an IPsec VPN from WebTerm1 to WebTerm2. First, we are going to configure both firewalls through the IPsec VPN Wizard, and then we will verify connectivity from WebTerm1 to WebTerm2.<\/div>\n<figure id=\"attachment_131\" aria-describedby=\"caption-attachment-131\" style=\"width: 1075px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-122 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/3-1.jpg\" alt=\"main scenario\" width=\"1075\" height=\"415\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/3-1.jpg 1075w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/3-1-300x116.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/3-1-1024x395.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/3-1-768x296.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/3-1-65x25.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/3-1-225x87.jpg 225w, 
https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/3-1-350x135.jpg 350w\" sizes=\"auto, (max-width: 1075px) 100vw, 1075px\" \/><figcaption id=\"caption-attachment-131\" class=\"wp-caption-text\">Figure 4.25: Main scenario<\/figcaption><\/figure>\n<p>To validate the firewall licences, we are going to connect the firewalls to the Internet.<\/p>\n<figure id=\"attachment_131\" aria-describedby=\"caption-attachment-131\" style=\"width: 1054px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-123 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/4-2.jpg\" alt=\"Validate firewall licenses\" width=\"1054\" height=\"648\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/4-2.jpg 1054w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/4-2-300x184.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/4-2-1024x630.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/4-2-768x472.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/4-2-65x40.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/4-2-225x138.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/4-2-350x215.jpg 350w\" sizes=\"auto, (max-width: 1054px) 100vw, 1054px\" \/><figcaption id=\"caption-attachment-131\" class=\"wp-caption-text\">Figure 4.26: Validate firewall licences<\/figcaption><\/figure>\n<div style=\"text-align: left;\">\n<table class=\"aligncenter\" style=\"width: 100%\">\n<caption>Table 4.2: Devices configuration<\/caption>\n<tbody>\n<tr style=\"height: 18px\">\n<th style=\"width: 118px;height: 18px\" 
scope=\"col\">Device<\/th>\n<th style=\"width: 165px;height: 18px\" scope=\"col\">IP address<\/th>\n<th style=\"width: 213px;height: 18px\" scope=\"col\">Access<\/th>\n<\/tr>\n<tr style=\"height: 18px\">\n<td style=\"width: 118px;height: 18px\">Fortigate1<\/td>\n<td style=\"width: 165px;height: 18px\">10.10.10.1\/24<\/td>\n<td style=\"width: 213px;height: 18px\">ICMP-HTTP-HTTPS<\/td>\n<\/tr>\n<tr style=\"height: 18px\">\n<td style=\"width: 118px;height: 18px\">Fortigate2<\/td>\n<td style=\"width: 165px;height: 18px\">10.10.10.2\/24<\/td>\n<td style=\"width: 213px;height: 18px\">ICMP-HTTP-HTTPS<\/td>\n<\/tr>\n<tr style=\"height: 18px\">\n<td style=\"width: 118px;height: 18px\">WebTerm1<\/td>\n<td style=\"width: 165px;height: 18px\">192.168.20.2\/24<\/td>\n<td style=\"width: 213px;height: 18px\">&#8211;<\/td>\n<\/tr>\n<tr style=\"height: 18px\">\n<td style=\"width: 118px;height: 18px\">WebTerm2<\/td>\n<td style=\"width: 165px;height: 18px\">192.168.10.2\/24<\/td>\n<td style=\"width: 213px;height: 18px\">&#8211;<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<div class=\"textbox shaded\"><span style=\"background-color: #ffff00\"><strong>Note:<\/strong> Port1 is used for firewall licensing. 
Once the licence is successfully applied, you can disconnect Port1.<\/span><\/div>\n<ol>\n<li>On the FG1, go to <strong>VPN &gt; IPsec Wizard<\/strong> and select Site to Site \u2013 FortiGate.<br \/>\n<figure id=\"attachment_124\" aria-describedby=\"caption-attachment-124\" style=\"width: 1133px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-124 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/5-1.jpg\" alt=\"\" width=\"1133\" height=\"557\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/5-1.jpg 1133w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/5-1-300x147.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/5-1-1024x503.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/5-1-768x378.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/5-1-65x32.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/5-1-225x111.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/5-1-350x172.jpg 350w\" sizes=\"auto, (max-width: 1133px) 100vw, 1133px\" \/><figcaption id=\"caption-attachment-124\" class=\"wp-caption-text\">Figure 4.27: VPN Setup<\/figcaption><\/figure>\n<\/li>\n<li>Select <strong>Site2Site\/ FortiGate \/No Nat. 
<\/strong>Enter Remote IP: <strong>10.10.10.2\/24<\/strong>, outgoing interface: <strong>port3<\/strong>.<br \/>\n<figure id=\"attachment_125\" aria-describedby=\"caption-attachment-125\" style=\"width: 1133px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-125 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/6-2.jpg\" alt=\"Select Site2Site\/ FortiGate \/No Nat\" width=\"1133\" height=\"569\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/6-2.jpg 1133w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/6-2-300x151.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/6-2-1024x514.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/6-2-768x386.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/6-2-65x33.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/6-2-225x113.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/6-2-350x176.jpg 350w\" sizes=\"auto, (max-width: 1133px) 100vw, 1133px\" \/><figcaption id=\"caption-attachment-125\" class=\"wp-caption-text\">Figure 4.28: Authentication<\/figcaption><\/figure>\n<\/li>\n<li>Local Interface: port2, IP: <strong>192.168.20.0\/24<\/strong>, Remote subnet: <strong>192.168.10.0\/24<\/strong>. 
Through the wizard, FortiGate creates two policies and two static routes in the firewall.<br \/>\n<figure id=\"attachment_131\" aria-describedby=\"caption-attachment-131\" style=\"width: 1152px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-126 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/7.jpg\" alt=\"Local Interface: port2 \u00a0 IP: 192.168.20.0\/24, Remote subnet: 192.168.10.0\/24\" width=\"1152\" height=\"620\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/7.jpg 1152w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/7-300x161.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/7-1024x551.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/7-768x413.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/7-65x35.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/7-225x121.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/7-350x188.jpg 350w\" sizes=\"auto, (max-width: 1152px) 100vw, 1152px\" \/><figcaption id=\"caption-attachment-131\" class=\"wp-caption-text\">Figure 4.29: Policy &amp; Routing<\/figcaption><\/figure>\n<\/li>\n<li>On the FG2, go to <strong>VPN &gt; IPsec Wizard<\/strong> and select Site-to-Site \u2013 FortiGate.<br \/>\n<figure id=\"attachment_127\" aria-describedby=\"caption-attachment-127\" style=\"width: 1104px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-127 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/8-1.jpg\" alt=\"\" width=\"1104\" 
height=\"643\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/8-1.jpg 1104w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/8-1-300x175.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/8-1-1024x596.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/8-1-768x447.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/8-1-65x38.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/8-1-225x131.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/8-1-350x204.jpg 350w\" sizes=\"auto, (max-width: 1104px) 100vw, 1104px\" \/><figcaption id=\"caption-attachment-127\" class=\"wp-caption-text\">Figure 4.30: Set up FG2<\/figcaption><\/figure>\n<\/li>\n<li>Do the same configuration for FG2 (remote IP is 10.10.10.1\/24 and local IP is 192.168.10.0\/24).<br \/>\n<figure id=\"attachment_131\" aria-describedby=\"caption-attachment-131\" style=\"width: 1121px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-128 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/9-1.jpg\" alt=\"(remote IP is 10.10.10.1\/24 and local IP is 192.168.10.0\/24)\" width=\"1121\" height=\"602\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/9-1.jpg 1121w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/9-1-300x161.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/9-1-1024x550.jpg 1024w, 
https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/9-1-768x412.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/9-1-65x35.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/9-1-225x121.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/9-1-350x188.jpg 350w\" sizes=\"auto, (max-width: 1121px) 100vw, 1121px\" \/><figcaption id=\"caption-attachment-131\" class=\"wp-caption-text\">Figure 4.31: Authentication in FG2<\/figcaption><\/figure>\n<\/li>\n<li>\n<figure id=\"attachment_131\" aria-describedby=\"caption-attachment-131\" style=\"width: 1079px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-129 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/10-1.jpg\" alt=\"Step 6- Policy &amp; Routing in FG2\" width=\"1079\" height=\"639\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/10-1.jpg 1079w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/10-1-300x178.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/10-1-1024x606.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/10-1-768x455.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/10-1-65x38.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/10-1-225x133.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/10-1-350x207.jpg 350w\" sizes=\"auto, (max-width: 1079px) 100vw, 1079px\" \/><figcaption id=\"caption-attachment-131\" 
class=\"wp-caption-text\">Figure 4.32: Policy &amp; Routing in FG2<\/figcaption><\/figure>\n<\/li>\n<li>\n<figure id=\"attachment_131\" aria-describedby=\"caption-attachment-131\" style=\"width: 1219px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-130 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/11-1.jpg\" alt=\"Configure IPsec Tunnels\" width=\"1219\" height=\"268\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/11-1.jpg 1219w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/11-1-300x66.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/11-1-1024x225.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/11-1-768x169.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/11-1-65x14.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/11-1-225x49.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/11-1-350x77.jpg 350w\" sizes=\"auto, (max-width: 1219px) 100vw, 1219px\" \/><figcaption id=\"caption-attachment-131\" class=\"wp-caption-text\">Figure 4.33: Configure IPsec Tunnels<\/figcaption><\/figure>\n<p>Then, go to your IPsec Tunnels and double-click on Inactive.<\/p>\n<p>In the next window, right-click on the <strong>tunnel<\/strong> &gt; <strong>Bring UP<\/strong> &gt; <strong>All Phase 2 selectors<\/strong>. 
Then, your tunnel should be up!<\/p>\n<figure id=\"attachment_131\" aria-describedby=\"caption-attachment-131\" style=\"width: 1186px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-131 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/12.jpg\" alt=\"Bring up IPsec Tunnel\" width=\"1186\" height=\"577\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/12.jpg 1186w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/12-300x146.jpg 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/12-1024x498.jpg 1024w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/12-768x374.jpg 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/12-65x32.jpg 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/12-225x109.jpg 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/06\/12-350x170.jpg 350w\" sizes=\"auto, (max-width: 1186px) 100vw, 1186px\" \/><figcaption id=\"caption-attachment-131\" class=\"wp-caption-text\">Figure 4.34: Bring up IPsec Tunnel<\/figcaption><\/figure>\n<figure id=\"attachment_131\" aria-describedby=\"caption-attachment-131\" style=\"width: 1266px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-337 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/13-1.jpg\" alt=\"Verify the status of the tunnel\" width=\"1266\" height=\"457\" \/><figcaption id=\"caption-attachment-131\" class=\"wp-caption-text\">Figure 4.35: Verify the status of the tunnel<\/figcaption><\/figure>\n<\/li>\n<li><span style=\"background-color: #ffff00\">Go to 
<strong>Logs &amp; Reports<\/strong> &gt; <strong>Event<\/strong> &gt; <strong>VPN Event<\/strong> and verify your configuration<\/span>.<\/li>\n<li>\n<figure id=\"attachment_1117\" aria-describedby=\"caption-attachment-1117\" style=\"width: 997px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-1117 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/03\/Screenshot-2025-11-26-122429.png\" alt=\"\" width=\"997\" height=\"521\" srcset=\"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/03\/Screenshot-2025-11-26-122429.png 997w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/03\/Screenshot-2025-11-26-122429-300x157.png 300w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/03\/Screenshot-2025-11-26-122429-768x401.png 768w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/03\/Screenshot-2025-11-26-122429-65x34.png 65w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/03\/Screenshot-2025-11-26-122429-225x118.png 225w, https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-content\/uploads\/sites\/1702\/2022\/03\/Screenshot-2025-11-26-122429-350x183.png 350w\" sizes=\"auto, (max-width: 997px) 100vw, 997px\" \/><figcaption id=\"caption-attachment-1117\" class=\"wp-caption-text\">Figure 4.36: Verify the logs<\/figcaption><\/figure>\n<\/li>\n<li>You should be able to ping from WebTerm1 to WebTerm2.<br \/>\n<figure id=\"attachment_131\" aria-describedby=\"caption-attachment-131\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-338 size-full\" src=\"https:\/\/pressbooks.bccampus.ca\/htalebi\/wp-content\/uploads\/sites\/1702\/2022\/06\/14-1.jpg\" alt=\"You should be able to ping from WebTerm 
1 to WebTerm 2\" width=\"800\" height=\"509\" \/><figcaption id=\"caption-attachment-131\" class=\"wp-caption-text\">Figure 4.37: Verify configuration<\/figcaption><\/figure>\n<\/li>\n<\/ol>\n","protected":false},"author":1562,"menu_order":4,"template":"","meta":{"pb_show_title":"on","pb_short_title":"","pb_subtitle":"","pb_authors":[],"pb_section_license":""},"chapter-type":[],"contributor":[],"license":[],"class_list":["post-135","chapter","type-chapter","status-publish","hentry"],"part":97,"_links":{"self":[{"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/135","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters"}],"about":[{"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/wp\/v2\/types\/chapter"}],"author":[{"embeddable":true,"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/wp\/v2\/users\/1562"}],"version-history":[{"count":25,"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/135\/revisions"}],"predecessor-version":[{"id":1143,"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/135\/revisions\/1143"}],"part":[{"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/parts\/97"}],"metadata":[{"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapters\/135\/metadata\/"}],"wp:attachment":[{"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/wp\/v2\/media?parent=135"}],"wp:term":[{"taxonomy":"chapter-type","embeddable":true,"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/pressbooks\/v2\/chapter-type?post=135"},{"taxonomy":"contributor","embeddable":true,"href":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/wp\/v2\/contributor?post=135"},{"taxonomy":"license","embeddable":true,"href
":"https:\/\/pressbooks.bccampus.ca\/fortigatefirewall\/wp-json\/wp\/v2\/license?post=135"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}