Adding a destination address, Adding an encrypt policy – Fortinet FortiGate-800 User Manual

IPSec VPN

Configuring encrypt policies

FortiGate-800 Installation and Configuration Guide

247

Adding a destination address

The destination address can be a VPN client address on the Internet or the address of
a network behind a remote VPN gateway.

To add a destination address

1

Go to Firewall > Address.

2

Select an external interface.

3

Select New to add an address.

4

Enter the Address Name, IP Address, and NetMask for a single computer or for an
entire subnetwork on an internal interface of the remote VPN peer.

5

Select OK to save the destination address.

Adding an encrypt policy

To add an encrypt policy

1

Go to Firewall > Policy.

2

Select the policy list that you want to add the policy to (usually, Internal->External).

3

Select New to add a new policy.

4

Set Source to the source address.

5

Set Destination to the destination address.

6

Set Service to control the services allowed over the VPN connection.
You can select ANY to allow all supported services over the VPN connection or select
a specific service or service group to limit the services allowed over the VPN
connection.

7

Set Action to ENCRYPT.

8

Configure the ENCRYPT parameters.