This tutorial shows how to let your remote employees access the corporate network over an IPsec VPN that they connect to using FortiClient. The remote employees' internet traffic can also be routed through the FortiGate.
First, add a firewall address for the local network.
1. Go to “Policy & Objects”, click “Addresses”, and create a new address.
2. Set the Category to “Address” and give the entry a name. Set the type to “Subnet”, enter the IP range of the local subnet, and set the interface to “LAN”.
3. Go to VPN and click IPsec Wizard.
4. Give the VPN a name and set the template to “Remote Access”. The remote device type should be “FortiClient VPN for OS X, Windows, and Android”.
5. Set the incoming interface to “WAN1”, which is the source of your internet connection, and select the authentication method you want; most people use “Pre-shared Key”. For the group, select the addresses group that should have access to the VPN.
6. Set the local interface to your “LAN” and the local address to the local address group of your FortiGate. “Client Address” is for the VPN users. Select “Use System DNS” so that VPN-connected devices can reach the other network devices and hosts.
7. The last step is “Client Options”; set these however you want.
8. Once the VPN tunnel is created, a summary page appears showing all the options and configuration you added to the FortiGate.
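To review the result outside the GUI, the steps above correspond roughly to the following FortiOS CLI configuration. This is an added sketch, not output captured from the original tutorial: every object name, subnet, address range and the policy ID are constructed placeholders, and the exact settings the wizard writes vary by FortiOS version.

```fortios
# Steps 1-2: firewall address for the local network (constructed name and subnet)
config firewall address
    edit "Local_LAN"
        set subnet 192.168.1.0 255.255.255.0
        set associated-interface "lan"
    next
end

# Steps 3-7: dial-up tunnel for FortiClient (constructed tunnel name "RemoteVPN")
config vpn ipsec phase1-interface
    edit "RemoteVPN"
        set type dynamic
        # Step 5: incoming interface, pre-shared key and the group allowed to connect
        set interface "wan1"
        set psksecret <pre-shared-key>
        set xauthtype auto
        set authusrgrp "VPN_Users"
        # Step 6: "Client Address" range handed to VPN users, and "Use System DNS"
        set mode-cfg enable
        set ipv4-start-ip 10.10.100.1
        set ipv4-end-ip 10.10.100.50
        set dns-mode auto
    next
end

config vpn ipsec phase2-interface
    edit "RemoteVPN"
        set phase1name "RemoteVPN"
    next
end

# Policy letting tunnel traffic reach the local address from steps 1-2
config firewall policy
    edit 100
        set name "RemoteVPN_to_LAN"
        set srcintf "RemoteVPN"
        set dstintf "lan"
        set srcaddr "all"
        set dstaddr "Local_LAN"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

Comparing `show vpn ipsec phase1-interface` and `show firewall policy` on the device against the summary page confirms which interface, group and address range the tunnel actually uses.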