Route-based VPN security policies
Define an ACCEPT security policy to permit communications between the source and destination addresses.
1. Go to Policy > Policy > Policy and select Create New.
2. Leave the Policy Type as Firewall and leave the Policy Subtype as Address.
3. Enter these settings in particular:
Incoming Interface | Select the VPN Tunnel (IPsec Interface) you configured in Step 1. |
Source Address | Select All. |
Outgoing Interface | Select the interface that connects to the private network behind this FortiGate unit. |
Destination Address | Select All. |
Action | Select ACCEPT. |
Enable NAT | Disable. |
If you want to allow hosts on the private network to initiate communications with the FortiClient users after the tunnel is established, you need to define a security policy for communication in that direction.
1. Go to Policy > Policy > Policy and select Create New.
2. Leave the Policy Type as Firewall and leave the Policy Subtype as Address.
3. Enter these settings in particular:
Incoming Interface | Select the interface that connects to the private network behind this FortiGate unit. |
Source Address | Select All. |
Outgoing Interface | Select the interface that connects to the private network behind this FortiGate unit. |
Destination Address | Select All. |
Action | Select ACCEPT. |
Enable NAT | Disable. |
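To confirm that a saved policy matches the settings in the tables above, the following added example (not Fortinet's code) parses `show firewall policy` CLI output and reports deviations for a given incoming/outgoing interface pair. The interface names `forticlient_vpn`, `internal` and `wan1` and the sample configuration are constructed placeholders; the script assumes one interface per `srcintf`/`dstintf` setting.

```python
# Constructed sample of FortiOS CLI output; interface names are placeholders.
SAMPLE_CONFIG = '''
config firewall policy
    edit 1
        set srcintf "forticlient_vpn"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
    next
    edit 2
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set nat enable
    next
end
'''

def parse_policies(text):
    """Return {policy_id: {setting: value}} from a 'config firewall policy' block."""
    policies, current = {}, None
    for line in text.splitlines():
        words = line.split(None, 2)
        if len(words) == 2 and words[0] == "edit":
            current = policies.setdefault(words[1], {})
        elif words[:1] == ["next"]:
            current = None
        elif len(words) == 3 and words[0] == "set" and current is not None:
            current[words[1]] = words[2].strip().strip('"')
    return policies

def check_vpn_policy(policies, incoming, outgoing):
    """List deviations from the table settings for one interface pair."""
    matches = [p for p in policies.values()
               if p.get("srcintf") == incoming and p.get("dstintf") == outgoing]
    if not matches:
        return ["no policy from %s to %s" % (incoming, outgoing)]
    p, problems = matches[0], []
    if p.get("action") != "accept":   # an absent action line means deny
        problems.append("action is not ACCEPT")
    if p.get("nat") == "enable":      # an absent nat line means NAT is disabled
        problems.append("NAT is enabled")
    for key in ("srcaddr", "dstaddr"):
        if p.get(key) != "all":
            problems.append(key + " is not all")
    return problems
```

An empty list from `check_vpn_policy` means the policy for that interface pair has Action set to ACCEPT, NAT disabled, and both addresses set to All.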