Route-based VPN security policy
Define an ACCEPT security policy to permit communications between hosts on the private network behind this FortiGate dialup client and the private network behind the FortiGate dialup server. Because communication cannot be initiated in the opposite direction, there is only one policy.
1. Go to Policy > Policy > Policy and select Create New.
2. Leave the Policy Type of Firewall and leave the Policy Subtype as Address.
3. Enter these settings in particular:
Incoming Interface | Select the interface that connects to the private network behind this FortiGate unit. |
Source Address | Select All. |
Outgoing Interface | Select the VPN tunnel (IPsec interface) created in Step 1. |
Destination Address | Select All. |
Action | Select ACCEPT. |
Enable NAT | Disable |