Chapter 11 IPsec VPN for FortiOS 5.0 : FortiGate dialup-client configurations : Configure the FortiGate dialup client : Policy-based VPN security policy
  
Policy-based VPN security policy
Define an IPsec security policy to permit communications between the source and destination addresses.
1. Go to Policy > Policy > Policy and select Create New.
2. Select the Policy Type of VPN and leave the Policy Subtype as IPsec.
3. Enter these settings in particular:
   Local Interface: Select the interface that connects to the private network behind this FortiGate unit.
   Local Protected Subnet: Select the address name that you defined in Step 3 for the private network behind this FortiGate unit.
   Outgoing Interface: Select the FortiGate unit's public interface.
   Remote Protected Subnet: Select the address name that you defined in Step 3 for the private network behind the dialup server.
   VPN Tunnel: Select Use Existing and select the name of the phase 1 configuration that you created in Step 1 from the drop-down list. Clear the "Allow traffic to be initiated from the remote site" option to prevent traffic from the remote network from initiating the tunnel after the tunnel has been established.
4. Place the policy in the policy list above any other policies having similar source and destination addresses.
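The same policy expressed in the FortiOS CLI, as an added example that is not part of the original guide. The interface names, address names, tunnel name and policy IDs are constructed placeholders; the schedule and service values are assumptions, since the GUI steps above do not specify them. The example takes `set inbound disable` to be the CLI counterpart of clearing "Allow traffic to be initiated from the remote site", which should be confirmed against the CLI reference for your release.

```fortios
# Added example: policy-based IPsec policy on the FortiGate dialup client.
# All quoted names and the IDs 10 and 3 are placeholders, not values from the guide.
config firewall policy
    edit 10
        # Local Interface: faces the private network behind this unit
        set srcintf "internal"
        # Outgoing Interface: the unit's public interface
        set dstintf "wan1"
        # Local Protected Subnet (address name defined earlier)
        set srcaddr "Local_Protected_Subnet"
        # Remote Protected Subnet (network behind the dialup server)
        set dstaddr "Remote_Protected_Subnet"
        # Policy Type VPN, Subtype IPsec
        set action ipsec
        # Assumed values; the GUI steps do not state them
        set schedule "always"
        set service "ALL"
        # Local hosts may bring the tunnel up
        set outbound enable
        # Remote site may not initiate traffic through this policy
        set inbound disable
        # VPN Tunnel: existing phase 1 configuration
        set vpntunnel "dialup_client_p1"
    next
    # Policies are evaluated top-down; place the IPsec policy above an
    # existing policy (ID 3 here) with similar source and destination.
    move 10 before 3
end
```

After applying it, `show firewall policy` lists the policies in evaluation order, so you can confirm that the IPsec policy precedes any broader policy covering the same addresses.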