Creating branch_2 policy-based security policies
Define an IPsec policy that permits VPN sessions between the two private networks, that is, between the local branch_2 unit and the remote branch_1 unit.
1. Go to Policy > Policy > Policy and select Create New.
2. Select the Policy Type as VPN and leave the Policy Subtype as IPsec.
3. Enter the following information, and select OK.
Setting | Value
--- | ---
Local Interface | Select internal, the interface connecting to the private network behind this FortiGate unit.
Local Protected Subnet | Select branch_2_internal, the address name for the private network behind this local FortiGate unit.
Outgoing VPN Interface | Select wan1, the FortiGate unit’s public interface.
Remote Protected Subnet | Select branch_1_internal, the address name for the private network behind branch_1, the remote peer.
VPN Tunnel | Select Use Existing and select branch_2 from the drop-down list (the name of the phase 1 tunnel). Select Allow traffic to be initiated from the remote site.
Comments | Policy-based: allows traffic in either direction to initiate the VPN tunnel.
4. Optionally configure any other security policy settings you require such as UTM or traffic shaping for this policy.
5. Place these policies in the policy list above any other policies that have similar source and destination addresses. This ensures that VPN traffic is matched against the VPN policies before any other policy.
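The same branch_2 policy entered from the FortiOS CLI, as an added example that is not part of the original document. It uses the CLI form of a policy-based IPsec policy (`set action ipsec` with `set vpntunnel`) found on FortiOS releases that offer the Policy Type VPN option above; the policy ID 5, the ID 1 of the existing policy it is moved ahead of, and the `always` schedule and `ALL` service (the GUI defaults) are assumptions, and the `#` lines are reader comments.

```text
config firewall policy
    edit 5
        # Local Interface / Outgoing VPN Interface
        set srcintf "internal"
        set dstintf "wan1"
        # Local Protected Subnet / Remote Protected Subnet
        set srcaddr "branch_2_internal"
        set dstaddr "branch_1_internal"
        # Policy Type VPN, subtype IPsec: traffic is encrypted into the
        # named phase 1 tunnel instead of being accepted or denied
        set action ipsec
        set vpntunnel "branch_2"
        # outbound: hosts on branch_2_internal may bring the tunnel up
        # inbound: "Allow traffic to be initiated from the remote site"
        set outbound enable
        set inbound enable
        set schedule "always"
        set service "ALL"
        set comments "Policy-based: allows traffic in either direction to initiate the VPN tunnel."
    next
    # Step 5: put the VPN policy ahead of an existing policy (assumed ID 1)
    # that matches the same source and destination addresses
    move 5 before 1
end
```

Confirm the resulting order with `show firewall policy`; once traffic has crossed the tunnel, `diagnose vpn tunnel list` shows the negotiated phase 2 selectors for branch_2.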