
Fortinet FortiGate 50A User Manual

Page 205


PPTP and L2TP VPN

Configuring PPTP

FortiGate-50A Installation and Configuration Guide


To add a source address group

Organize the source addresses into an address group.

1. Go to Firewall > Address > Group.

2. Add a new address group to the interface to which PPTP clients connect.

3. Enter a Group Name to identify the address group.
   The name can contain numbers (0-9), uppercase and lowercase letters (A-Z, a-z), and
   the special characters - and _. Other special characters and spaces are not allowed.

4. To add addresses to the address group, select an address from the Available
   Addresses list and select the right arrow to add it to the Members list.

5. To remove addresses from the address group, select an address from the Members
   list and select the left arrow to remove it from the group.

6. Select OK to add the address group.

To add a destination address

Add an address to which PPTP users can connect.

1. Go to Firewall > Address.

2. Select the internal interface.

3. Select New to add an address.

4. Enter the Address Name, IP Address, and NetMask for a single computer or for an
   entire subnetwork on an internal interface of the local VPN peer.

5. Select OK to save the destination address.

To add a firewall policy

Add a policy which specifies the source and destination addresses and sets the
service for the policy to the traffic type inside the PPTP VPN tunnel.

1. Go to Firewall > Policy.

2. Select the Ext->Int policy list.

3. Select New to add a new policy.

4. Set Source to the group that matches the PPTP address range.

5. Set Destination to the address to which PPTP users can connect.

6. Set Service to match the traffic type inside the PPTP VPN tunnel.
   For example, if PPTP users can access a web server, select HTTP.

7. Set Action to ACCEPT.

8. Select NAT if address translation is required.
   You can also configure traffic shaping, logging, and antivirus and web filter settings for
   PPTP policies.

9. Select OK to save the firewall policy.

Note: If the PPTP address range comprises an entire subnet, add an address for this
subnet. Do not add an address group.
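The following planning helper is an added example, not part of the Fortinet guide. It applies the note above and the Group Name rule from step 3: given the first and last IP of a PPTP address range, it reports whether a single address entry suffices or an address group is needed, and lists the exact IP/NetMask entries so the policy Source is no broader than the PPTP range. It assumes source addresses accept the same IP Address and NetMask form shown for destination addresses and that address names follow the Group Name character rule; the names and sample ranges are constructed.

```python
import ipaddress
import re

# Naming rule from step 3: digits, letters, '-' and '_' only (no spaces).
NAME_RE = re.compile(r"[0-9A-Za-z_-]+")


def valid_name(name):
    """Return True if the name uses only the characters the guide allows."""
    return NAME_RE.fullmatch(name) is not None


def plan_pptp_source(first_ip, last_ip, name="PPTP_range"):
    """Plan the firewall Source object for a PPTP address range.

    Returns ("address", [(name, ip, netmask)]) when one IP/NetMask entry
    covers the range exactly (the case in the note: add an address, not a
    group). Otherwise returns ("group", members), where members are the
    minimal IP/NetMask entries that cover the range and nothing outside it.
    """
    if not valid_name(name):
        raise ValueError("name contains characters that are not allowed: %r" % name)
    first = ipaddress.IPv4Address(first_ip)
    last = ipaddress.IPv4Address(last_ip)
    if first > last:
        raise ValueError("range start is above range end")

    # Exact CIDR cover of the range: never wider than first..last.
    nets = list(ipaddress.summarize_address_range(first, last))
    if len(nets) == 1:
        net = nets[0]
        return "address", [(name, str(net.network_address), str(net.netmask))]

    # Member names are constructed as <name>_<n>; they stay within the rule.
    members = [
        ("%s_%d" % (name, i), str(net.network_address), str(net.netmask))
        for i, net in enumerate(nets, 1)
    ]
    return "group", members


if __name__ == "__main__":
    # Constructed sample ranges.
    for rng in [("192.168.1.0", "192.168.1.255"), ("192.168.1.10", "192.168.1.20")]:
        kind, entries = plan_pptp_source(*rng)
        print(rng, "->", kind)
        for entry in entries:
            print("   ", entry)
```
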