Internet browsing configuration IPSec VPN
FortiGate Version 4.0 Administration Guide
544 01-400-89802-20090424
http://docs.fortinet.com/
Internet browsing configuration
By using appropriate firewall policies, you can enable VPN users to browse the Internet
through the FortiGate unit. The required policies are different for policy-based and
route-based VPNs. For more information, see “Configuring firewall policies” on page 323.
To create a policy-based VPN Internet browsing configuration
1 Go to Firewall > Policy.
2 Select Create New and enter the following information.

  Source Interface/Zone        Select the FortiGate unit public interface.
  Source Address Name          Select All.
  Destination Interface/Zone   Select the FortiGate unit public interface.
  Destination Address Name     Select the remote network address name.
  Action                       Select IPSEC.
  VPN Tunnel                   Select the tunnel that provides access to the private
                               network behind the FortiGate unit.
  Inbound NAT                  Select the check box.

3 Configure other settings as required.
4 Select OK.
To configure a route-based VPN Internet browsing configuration
1 Go to Firewall > Policy.
2 Select Create New and enter the following information.

  Source Interface/Zone        Select the IPSec interface.
  Source Address Name          Select All.
  Destination Interface/Zone   Select the FortiGate unit public interface.
  Destination Address Name     Select All.
  Action                       Select ACCEPT.
  NAT                          Select the check box.

3 Configure other settings as required.
4 Select OK.
Concentrator
In a hub-and-spoke configuration, policy-based VPN connections to a number of remote
peers radiate from a single, central FortiGate unit. Site-to-site connections between the
remote peers do not exist; however, you can establish VPN tunnels between any two of
the remote peers through the FortiGate unit “hub”.
In a hub-and-spoke network, all VPN tunnels terminate at the hub. The peers that connect
to the hub are known as “spokes”. The hub functions as a concentrator on the network,
managing all VPN connections between the spokes. VPN traffic passes from one tunnel to
the other through the hub.
You define a concentrator to include spokes in the hub-and-spoke configuration.