Configuring the FortiGate unit as a VPN policy server
When a FortiClient application set to automatic configuration connects to the FortiGate unit, the FortiGate unit requests a user name and password. If the user supplies valid credentials, the FortiGate unit downloads the VPN settings to the FortiClient application.
You must do the following to configure the FortiGate unit to work as a VPN policy server for FortiClient automatic configuration:
1. Create user accounts for FortiClient users.
2. Create a user group for FortiClient users and the user accounts that you created in step
1.
3. Connect to the FortiGate unit CLI and configure VPN policy distribution as follows:
config vpn ipsec forticlient
edit <policy_name>
set phase2name <tunnel_name>
set usergroupname <group_name>
set status enable
end
<tunnel_name> must be the Name you specified in the step
2 of
“Configure the FortiGate unit”.
<group_name> must be the name of the user group your created for FortiClient users.