Chapter 10 Install and System Administration for FortiOS 5.0 : PPTP and L2TP : Adding the security policy
  
Adding the security policy
The security policy specifies the source and destination addresses that can generate traffic inside the L2TP tunnel and defines the scope of services permitted through the tunnel. If only a selection of services is required, define a service group.
To define the traffic and services permitted inside the L2TP tunnel
1. Go to Policy > Policy > Policy and select Create New.
2. Leave the Policy Type as Firewall and the Policy Subtype as Address.
3. Enter these settings:
   Incoming Interface: Select the FortiGate interface to the Internet.
   Source Address: Select the name that corresponds to the address range that you reserved for L2TP clients (for example, Ext_L2TPrange).
   Outgoing Interface: Select the FortiGate interface to the internal (private) network.
   Destination Address: Select the name that corresponds to the IP addresses behind the FortiGate unit (for example, Int_L2TPaccess).
   Service: Select ALL, or if selected services are required instead, select the service group that you defined previously.
   Action: ACCEPT
4. Select OK.
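The CLI equivalent of the procedure above, as an added example that is not part of the original handbook page. It uses a restricted service group instead of ALL so that only the listed services pass through the tunnel. The interface names wan1 and internal, the group name L2TP_Services, its members and the "always" schedule are assumptions; the address names are the ones used on this page.

```fortios
# Hypothetical service group: limits tunnel traffic to named services.
# The group name and its members are assumptions for this example.
config firewall service group
    edit "L2TP_Services"
        set member "HTTPS" "SSH"
    next
end

# Policy from the Internet-facing interface to the internal network.
# "wan1" and "internal" are assumed interface names; substitute your own.
# "edit 0" creates the policy with the next free policy ID.
config firewall policy
    edit 0
        set srcintf "wan1"
        set srcaddr "Ext_L2TPrange"
        set dstintf "internal"
        set dstaddr "Int_L2TPaccess"
        set schedule "always"
        set service "L2TP_Services"
        set action accept
    next
end
```

To permit every service, as the ALL option in step 3 does, use set service "ALL" in place of the group name.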