Creating branch_1 policy-based security policies
A policy-based security policy lets you allow inbound traffic, outbound traffic, or both through a single policy.
The following policy-based IPsec VPN security policy allows both inbound and outbound traffic:
1. Go to Policy > Policy > Policy and select Create New.
2. Select the Policy Type as VPN and leave the Policy Subtype as IPsec.
3. Enter the following information, and select OK.
   Local Interface: Select internal, the interface that connects to the private network behind this FortiGate unit.
   Local Protected Subnet: Select branch_1_internal, the address name that you defined for the private network behind this FortiGate unit.
   Outgoing VPN Interface: Select wan1, the FortiGate unit's public interface.
   Remote Protected Subnet: Select branch_2_internal, the address name that you defined for the private network behind the remote peer.
   VPN Tunnel: Select Use Existing and select branch_1 from the drop-down list. Select Allow traffic to be initiated from the remote site to enable traffic from the remote network to initiate the tunnel.
4. Place this security policy in the policy list above any other policies having similar source and destination addresses.
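
Step 4 matters because the policy list is evaluated from the top down and the first match wins: a broader policy placed above the IPsec policy matches first, and the traffic never reaches the tunnel. The following check is an added example, not part of the original guide. The subnets, policy IDs, the `all` address and the dictionary layout are constructed assumptions; only the interface, address and tunnel names come from the steps above.

```python
from ipaddress import ip_network

# Constructed sample data, in evaluation order (top first). Subnets, ids and
# the "all" policy are assumptions; the guide supplies only the names.
ADDRESSES = {
    "branch_1_internal": ip_network("10.10.1.0/24"),
    "branch_2_internal": ip_network("10.10.2.0/24"),
    "all": ip_network("0.0.0.0/0"),
}

POLICIES = [
    {"id": 1, "srcintf": "internal", "dstintf": "wan1",
     "srcaddr": "all", "dstaddr": "all", "action": "accept"},
    {"id": 2, "srcintf": "internal", "dstintf": "wan1",
     "srcaddr": "branch_1_internal", "dstaddr": "branch_2_internal",
     "action": "ipsec", "vpntunnel": "branch_1"},
]

def shadowing_policies(policies, addresses, tunnel):
    """Return ids of policies listed above the IPsec policy for `tunnel`
    that share its interfaces and overlap its source and destination."""
    idx = next(i for i, p in enumerate(policies)
               if p["action"] == "ipsec" and p.get("vpntunnel") == tunnel)
    vpn = policies[idx]
    src, dst = addresses[vpn["srcaddr"]], addresses[vpn["dstaddr"]]
    hits = []
    for p in policies[:idx]:
        # Only policies on the same interface pair compete for this traffic.
        if (p["srcintf"], p["dstintf"]) != (vpn["srcintf"], vpn["dstintf"]):
            continue
        if (addresses[p["srcaddr"]].overlaps(src)
                and addresses[p["dstaddr"]].overlaps(dst)):
            hits.append(p["id"])
    return hits

def move_above(policies, policy_id, before_id):
    """Return a new list with policy_id placed directly above before_id."""
    moved = next(p for p in policies if p["id"] == policy_id)
    rest = [p for p in policies if p["id"] != policy_id]
    pos = next(i for i, p in enumerate(rest) if p["id"] == before_id)
    return rest[:pos] + [moved] + rest[pos:]

if __name__ == "__main__":
    print("shadowed by:", shadowing_policies(POLICIES, ADDRESSES, "branch_1"))
    fixed = move_above(POLICIES, 2, 1)
    print("after reorder:", shadowing_policies(fixed, ADDRESSES, "branch_1"))
```

An empty result means no policy above the IPsec policy can match branch_1_internal to branch_2_internal traffic first.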