• The FortiGate dialup server must have a static public IP address.

• NAT mode is required if you want to create a route-based VPN.

• The FortiGate dialup server may operate in either NAT mode or transparent mode to support a policy-based VPN.

• Computers on the private network behind the FortiGate dialup client can obtain IP addresses either from a DHCP server behind the FortiGate dialup client, or a DHCP server behind the FortiGate dialup server.

• If the DHCP server resides on the network behind the dialup client, the DHCP server must be configured to assign IP addresses that do not match the private network behind the FortiGate dialup server.

• If the DHCP server resides on the network behind the FortiGate dialup server, the DHCP server must be configured to assign IP addresses that do not match the private network behind the FortiGate dialup client.