IPSec Policies
IPSec policies allow IPSec VPN traffic access to the internal network from a remote location. These policies include authentication information that authenticates users and user group or groups. These policies specify the following:
• the FortiGate firewall interface that provides the physical connection to the remote VPN gateway, usually an interface connected to the Internet
• the FortiGate firewall interface that connects to the private network
• IP addresses associated with data that has to be encrypted and decrypted
• optional: a schedule that restricts when the VPN can operate, and services (or types of data) that can be sent.
For a route-based (interface mode) VPN, you do not configure an IPSec security policy. Instead, you configure two regular ACCEPT security policies, one for each direction of communication, with the IPSec virtual interface as the source or destination interface, as appropriate.