Add a VPN gateway
Create a VPN gateway. This is the address/port combination the VPN tunnel will use to route traffic.
 
You must set one or more Protected Subnets before you can select Specify Source/Destination Protected Subnet under the Policy Scope in the VPN Console. If you do not, the list will be empty and you will have to select Apply to Traffic between All Protected Subnets instead. See “Create VPN firewall policies”.
To add a Managed VPN gateway:
1. Go to VPN Console.
2. In the content pane VPN list, select the name of a VPN Console entry.
3. Select Create New and choose Managed Gateway from the drop-down list.
Figure 131: Add VPN Managed Gateway dialog box
4. Set the Node Type to either HUB or Spoke.
5. Select the Device for the VPN gateway. This device must already exist in the FortiManager database. To add new devices, see “Adding a device”.
6. Select the Default VPN Interface on the VPN device that connects the VPN to the public network.
7. Select the routing options. Select Manual to create the route yourself in Device Manager, or select Automatic for the VPN Console to automatically configure the interface on the VPN device that connects the VPN to the public network.
8. Select the Summary Networks by selecting the configured interface and firewall address for that network and then select the plus (“+”) icon to apply the entry. Repeat for each summary network.
9. Select the Protected Subnet by selecting the configured interface and firewall address for that network and then select the plus (“+”) icon to apply the entry. Repeat for each protected subnet.
10. If required, adjust the advanced options.
11. Select OK.
To add an External VPN gateway:
1. Go to VPN Console.
2. In the content pane VPN list, select the name of a VPN Console entry.
3. Select Create New and choose External Gateway from the drop-down list.
Figure 132: Add VPN External Gateway dialog box
4. Set the Node Type to either HUB or Spoke.
5. Select the Device for the VPN gateway. This device must already exist in the FortiManager database. To add new devices, see “Adding a device”.
6. Select the Default VPN Interface on the VPN device that connects the VPN to the public network.
7. Select the routing options. Select Manual to create the route yourself in Device Manager, or select Automatic for the VPN Console to automatically configure the interface on the VPN device that connects the VPN to the public network.
8. Select the Summary Networks by selecting the configured interface and firewall address for that network and then select the plus (“+”) icon to apply the entry. Repeat for each summary network.
9. Select the Protected Subnet by selecting the configured interface and firewall address for that network and then select the plus (“+”) icon to apply the entry. Repeat for each protected subnet.
10. If required, adjust the advanced options.
11. Select OK.