Changes between Version 6 and Version 7 of HowtoFortigate

Timestamp: 04/05/09 17:18:36 (17 months ago)
Author: admin
Comment: --

  • HowtoFortigate

    v6 v7  
    2525Several address definitions must be created. These will be used later in other parts of the gateway configuration. Navigate to the following screen using the pane on the left hand side of the browser interface. 
    2626 
    27 [[Image(http://www.shrew.net/vpn/howto/Fortigate/nav-1a.jpg)]] 
     27[[Image(http://www.shrew.net/static/howto/Fortigate/nav-1a.jpg)]] 
    2828 
    2929To create a new address definition, click on the ''Create New'' button at the top of the page. 
    3030 
    31 [[Image(http://www.shrew.net/vpn/howto/Fortigate/nav-1b.jpg)]] 
     31[[Image(http://www.shrew.net/static/howto/Fortigate/nav-1b.jpg)]] 
    3232 
    3333==== Wan Interface Entry ==== 
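Review bot: the image macros on lines 27 and 31 still hard-code the full `http://www.shrew.net/...` host and path, so a directory move like this one (`/vpn/howto/` to `/static/howto/`) has to be repeated by hand on every image line of the page. Consider attaching the images to the wiki page or referencing them through a single prefix so the next move is a one-line change. The revision comment is also empty (`--`); a short note on why the path moved would help anyone who later finds a stale `/vpn/howto/` link.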
     
    4444When finished click OK. 
    4545 
    46 [[Image(http://www.shrew.net/vpn/howto/Fortigate/pic-1a.jpg)]] 
     46[[Image(http://www.shrew.net/static/howto/Fortigate/pic-1a.jpg)]] 
    4747 
    4848==== Private Network Entry ==== 
     
    5959When finished click OK. 
    6060 
    61 [[Image(http://www.shrew.net/vpn/howto/Fortigate/pic-1b.jpg)]] 
     61[[Image(http://www.shrew.net/static/howto/Fortigate/pic-1b.jpg)]] 
    6262 
    6363=== DHCP Server Parameters === 
     
    6565An IPsec over DHCP server must be created. This will define the parameters to be assigned to clients when they connect. Navigate to the following screen using the pane on the left hand side of the browser interface. 
    6666 
    67 [[Image(http://www.shrew.net/vpn/howto/Fortigate/nav-2a.jpg)]] 
     67[[Image(http://www.shrew.net/static/howto/Fortigate/nav-2a.jpg)]] 
    6868 
    6969To create a new DHCP server definition, click on the arrow next to your external interface name to expand the options. Then click on the plus icon to the right of the ''Servers'' option. 
    7070 
    71 [[Image(http://www.shrew.net/vpn/howto/Fortigate/nav-2b.jpg)]] 
     71[[Image(http://www.shrew.net/static/howto/Fortigate/nav-2b.jpg)]] 
    7272 
    7373When defining your DHCP parameters, make sure you select an address range that does not overlap with any private network protected by the Fortigate unit. 
     
    8686When finished click OK. 
    8787 
    88 [[Image(http://www.shrew.net/vpn/howto/Fortigate/pic-2.jpg)]] 
     88[[Image(http://www.shrew.net/static/howto/Fortigate/pic-2.jpg)]] 
    8989 
    9090=== Dialup Users === 
     
    9292Dialup user accounts must be created. These will be the user name and passwords a remote access users will use to authenticate with the gateway. Navigate to the following screen using the pane on the left hand side of the browser interface. 
    9393 
    94 [[Image(http://www.shrew.net/vpn/howto/Fortigate/nav-3a.jpg)]] 
     94[[Image(http://www.shrew.net/static/howto/Fortigate/nav-3a.jpg)]] 
    9595 
    9696To create a new user, click on the ''Create New'' button at the top of the page. 
    9797 
    98 [[Image(http://www.shrew.net/vpn/howto/Fortigate/nav-3b.jpg)]] 
     98[[Image(http://www.shrew.net/static/howto/Fortigate/nav-3b.jpg)]] 
    9999 
    100100Define the following parameters for each user account. 
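Review bot: context line 92 reads "These will be the user name and passwords a remote access users will use", which mixes singular and plural. While this section is being touched, reword it to something like "These are the user names and passwords remote access users will use to authenticate with the gateway."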
     
    105105When finished click OK. 
    106106 
    107 [[Image(http://www.shrew.net/vpn/howto/Fortigate/pic-3.jpg)]] 
     107[[Image(http://www.shrew.net/static/howto/Fortigate/pic-3.jpg)]] 
    108108 
    109109=== Dialup User Group === 
     
    111111A dialup user group must be created. By placing a user account in this group, it will allow them to access the gateway using the client software. Navigate to the following screen using the pane on the left hand side of the browser interface. 
    112112 
    113 [[Image(http://www.shrew.net/vpn/howto/Fortigate/nav-4a.jpg)]] 
     113[[Image(http://www.shrew.net/static/howto/Fortigate/nav-4a.jpg)]] 
    114114 
    115115To create a new user group, click on the ''Create New'' button at the top of the page. 
    116116 
    117 [[Image(http://www.shrew.net/vpn/howto/Fortigate/nav-4b.jpg)]] 
     117[[Image(http://www.shrew.net/static/howto/Fortigate/nav-4b.jpg)]] 
    118118 
    119119Define the following parameters for each user account. 
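Review bot: line 119 in the Dialup User Group section says "Define the following parameters for each user account", which looks copied from the Dialup Users section at line 100; on this screen the parameters belong to the group. Suggest "Define the following parameters for the user group." so readers do not go looking for per-user settings here.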
     
    127127When finished click OK. 
    128128 
    129 [[Image(http://www.shrew.net/vpn/howto/Fortigate/pic-4.jpg)]] 
     129[[Image(http://www.shrew.net/static/howto/Fortigate/pic-4.jpg)]] 
    130130 
    131131=== Phase 1 Parameters === 
     
    133133The IKE phase 1 parameters must be configured for our remote access connections. Navigate to the following screen using the pane on the left hand side of the browser interface. 
    134134 
    135 [[Image(http://www.shrew.net/vpn/howto/Fortigate/nav-5a.jpg)]] 
     135[[Image(http://www.shrew.net/static/howto/Fortigate/nav-5a.jpg)]] 
    136136 
    137137To create a new Phase 1 definition, click on the ''Create Phase 1'' button at the top of the screen. 
    138138 
    139 [[Image(http://www.shrew.net/vpn/howto/Fortigate/nav-5b.jpg)]] 
     139[[Image(http://www.shrew.net/static/howto/Fortigate/nav-5b.jpg)]] 
    140140 
    141141Define the following parameters. 
     
    168168When finished click OK. 
    169169 
    170 [[Image(http://www.shrew.net/vpn/howto/Fortigate/pic-5a.jpg)]] 
     170[[Image(http://www.shrew.net/static/howto/Fortigate/pic-5a.jpg)]] 
    171171 
    172172=== Phase 2 Parameters === 
     
    174174The IKE phase 2 parameters must be configured for our remote access connections. Navigate to the following screen using the pane on the left hand side of the browser interface. 
    175175 
    176 [[Image(http://www.shrew.net/vpn/howto/Fortigate/nav-5a.jpg)]] 
     176[[Image(http://www.shrew.net/static/howto/Fortigate/nav-5a.jpg)]] 
    177177 
    178178To create a new Phase 2 definition, click on the ''Create Phase 1'' button at the top of the screen. 
    179179 
    180 [[Image(http://www.shrew.net/vpn/howto/Fortigate/nav-5c.jpg)]] 
     180[[Image(http://www.shrew.net/static/howto/Fortigate/nav-5c.jpg)]] 
    181181 
    182182Define the following parameters. 
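Review bot: line 178 tells the reader to click ''Create Phase 1'' in order to create a Phase 2 definition, word for word the same button named in the Phase 1 instruction at line 137. This looks like a copy-paste leftover; check it against nav-5c.jpg and name the button that screenshot highlights, because a reader following the text as written may end up creating a second Phase 1 entry instead of the Phase 2 definition.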
     
    204204When finished click OK. 
    205205 
    206 [[Image(http://www.shrew.net/vpn/howto/Fortigate/pic-5b.jpg)]] 
     206[[Image(http://www.shrew.net/static/howto/Fortigate/pic-5b.jpg)]] 
    207207 
    208208=== Firewall Policies === 
     
    210210Firewall policies must be created to define the resources remote access clients will have access to. Navigate to the following screen using the pane on the left hand side of the browser interface. 
    211211 
    212 [[Image(http://www.shrew.net/vpn/howto/Fortigate/nav-6a.jpg)]] 
     212[[Image(http://www.shrew.net/static/howto/Fortigate/nav-6a.jpg)]] 
    213213 
    214214To create a new policy, click the ''Create New'' button at the top of the screen. 
    215215 
    216 [[Image(http://www.shrew.net/vpn/howto/Fortigate/nav-6b.jpg)]] 
     216[[Image(http://www.shrew.net/static/howto/Fortigate/nav-6b.jpg)]] 
    217217 
    218218The first policy will allow clients to communicate with the external interface DHCP server. 
     
    238238When finished click OK. 
    239239 
    240 [[Image(http://www.shrew.net/vpn/howto/Fortigate/pic-6a.jpg)]] 
     240[[Image(http://www.shrew.net/static/howto/Fortigate/pic-6a.jpg)]] 
    241241 
    242242The second policy will allow clients to communicate with the private network protected by the Fortigate. A seperate policy needs to be created for each private network that should be accessible to remote access clients. 
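Review bot: "seperate" on line 242 should be "separate". The sentence is unchanged context, but it is the one that tells readers to create one policy per private network, so it is worth fixing in the same pass.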
     
    262262When finished click OK. 
    263263 
    264 [[Image(http://www.shrew.net/vpn/howto/Fortigate/pic-6b.jpg)]] 
     264[[Image(http://www.shrew.net/static/howto/Fortigate/pic-6b.jpg)]] 
    265265 
    266266== Client Configuration == 
     
    302302== Resources == 
    303303 
    304  * [http://www.shrew.net/vpn/howto/Fortigate/fortigate.vpn Example Client configuration] 
     304 * [http://www.shrew.net/static/howto/Fortigate/fortigate.vpn Example Client configuration]
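Review bot: the Example Client configuration link on line 304 keeps the plain `http://` scheme after the path change. This is a file readers import into their VPN client, so if the host serves HTTPS, link to that instead so the configuration cannot be altered in transit.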