Policy-based VPN security policy
Define an IPsec security policy to permit communications between the source and destination addresses.
1. Go to Policy > Policy > Policy and select Create New.
2. Select the Policy Type of VPN and leave the Policy Subtype as IPsec.
3. Enter these settings in particular:
   Local Interface: Select the interface that connects to the private network behind this FortiGate unit.
   Local Protected Subnet: Select the address name that you defined in Step 3 for the private network behind this FortiGate unit.
   Outgoing VPN Interface: Select the FortiGate unit’s public interface.
   Remote Protected Subnet: If FortiClient users are assigned VIPs, select the address name that you defined in Step 3 for the VIP subnet. Otherwise, select All.
   VPN Tunnel: Select Use Existing and select the name of the phase 1 configuration that you created in Step 1. Select Allow traffic to be initiated from the remote site to enable traffic from the remote network to initiate the tunnel.
Place VPN policies in the policy list above any other policies having similar source and destination addresses.
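The ordering rule matters because the FortiGate unit evaluates the policy list from the top down and applies the first policy that matches, so a broader policy placed above the VPN policy handles the traffic before the tunnel policy is ever reached. The following added example (not part of the original guide or of FortiOS) checks an exported policy list for that condition. The policy data, interface names, subnets and function names are constructed for illustration, and "similar" is interpreted here as overlapping source and destination subnets on the same interface pair.

```python
from ipaddress import ip_network

# Constructed sample policy list in top-to-bottom order (hypothetical values).
POLICIES = [
    {"id": 1, "action": "accept", "srcintf": "internal", "dstintf": "wan1",
     "src": "10.11.101.0/24", "dst": "0.0.0.0/0"},
    {"id": 2, "action": "ipsec", "srcintf": "internal", "dstintf": "wan1",
     "src": "10.11.101.0/24", "dst": "10.254.254.0/24"},
    {"id": 3, "action": "ipsec", "srcintf": "internal", "dstintf": "wan1",
     "src": "10.11.102.0/24", "dst": "0.0.0.0/0"},
]


def similar(a, b):
    """True when two policies share interfaces and have overlapping subnets."""
    return (
        a["srcintf"] == b["srcintf"]
        and a["dstintf"] == b["dstintf"]
        and ip_network(a["src"]).overlaps(ip_network(b["src"]))
        and ip_network(a["dst"]).overlaps(ip_network(b["dst"]))
    )


def shadowed_vpn_policies(policies):
    """Return (vpn_id, earlier_id) pairs where a non-IPsec policy sits above
    an IPsec policy with similar addresses and would match first."""
    findings = []
    for index, policy in enumerate(policies):
        if policy["action"] != "ipsec":
            continue
        for earlier in policies[:index]:
            if earlier["action"] != "ipsec" and similar(earlier, policy):
                findings.append((policy["id"], earlier["id"]))
                break  # report only the first policy that takes the traffic
    return findings


def vpn_policies_first(policies):
    """Stable reorder: IPsec policies move to the top, relative order kept."""
    return sorted(policies, key=lambda p: p["action"] != "ipsec")


if __name__ == "__main__":
    for vpn_id, earlier_id in shadowed_vpn_policies(POLICIES):
        print(f"VPN policy {vpn_id} is below similar policy {earlier_id}")
    fixed = vpn_policies_first(POLICIES)
    print("order after fix:", [p["id"] for p in fixed])
```

Policy 3 is not reported because its source subnet does not overlap policy 1; only policy 2 shares addresses with the policy above it.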