Topology | Description |
Standard one-to-one VPN between two FortiGate units. See “Gateway-to-gateway configurations”. | |
One central FortiGate unit has multiple VPNs to other remote FortiGate units. See “Hub-and-spoke configurations”. | |
One end of the VPN tunnel has a changing IP address and the other end must go to a dynamic DNS server for the current IP address before establishing a tunnel. See “Dynamic DNS configuration”. | |
Typically remote FortiClient dialup-clients use dynamic IP addresses through NAT devices. The FortiGate unit acts as a dialup server allowing dialup VPN connections from multiple sources. See “FortiClient dialup-client configurations”. | |
Similar to FortiClient dialup-client configurations but with more gateway-to-gateway settings such as unique user authentication for multiple users on a single VPN tunnel. See “FortiGate dialup-client configurations”. | |
Secure web browsing performed by dialup VPN clients, and/or hosts behind a remote VPN peer. See “Internet-browsing configuration”. | |
Options for supporting redundant and partially redundant IPsec VPNs, using route-based approaches. See “Redundant VPN configurations”. | |
In transparent mode, the FortiGate acts as a bridge with all incoming traffic being broadcast back out on all other interfaces. Routing and NAT must be performed on external routers. See “Transparent mode VPNs”. | |
Manually define cryptographic keys to establish an IPsec VPN, either policy-based or route-based. See “Manual-key configurations”. | |
Configure VPN for Microsoft Windows dialup clients using the built in L2TP software. Users do not have to install any See “L2TP and IPsec (Microsoft VPN)”. |