Configuring a FortiGate remote peer to support Internet browsing

Chapter 11 IPsec VPN for FortiOS 5.0 : Internet-browsing configuration : Routing all remote traffic through the VPN tunnel : Configuring a FortiGate remote peer to support Internet browsing

The configuration changes to send all traffic through the VPN differ for policy-based and route-based VPNs.

To route all traffic through a policy-based VPN

1. At the FortiGate dialup client, go to Policy > Policy > Policy.

2. Select the IPsec security policy and then select Edit.

3. From the Remote Protected Subnet list, select all.

4. Select OK.

Packets are routed through the VPN tunnel, not just those destined for the protected private network.

To route all traffic through a route-based VPN

1. At the FortiGate dialup client, go to Router > Static > Static Routes.

2. On a low-end FortiGate unit, go to System > Network > Routing.

3. Select the default route (destination IP 0.0.0.0) and then select Edit. If there is no default route, select Create New. Enter the following information and select OK:


Destination IP/Mask	0.0.0.0/0.0.0.0
Device	Select the IPsec virtual interface.
Distance	Leave at default.

All packets are routed through the VPN tunnel, not just packets destined for the protected private network.