Adding the security policy
The security policy specifies the source and destination addresses that can generate traffic inside the PPTP tunnel and defines the scope of services permitted through the tunnel. If only a selection of services is required, define a service group.
To configure the firewall for the PPTP tunnel - web-based manager
1. Go to Policy & Objects > Policy > IPv4 or Policy & Objects > Policy > IPv6 and select Create New.
2. Complete the following and select OK:
Incoming Interface | The FortiGate interface connected to the Internet. |
Source Address | Select the name that corresponds to the range of addresses that you reserved for PPTP clients. |
Outgoing Interface | The FortiGate interface connected to the internal network. |
Destination Address | Select the name that corresponds to the IP addresses behind the FortiGate unit. |
Schedule | always |
Service | ALL |
Action | ACCEPT |
To configure the firewall for the PPTP tunnel - CLI
Use config firewall policy for an IPv4 policy, or config firewall policy6 for an IPv6 policy:
    config firewall policy
        edit 1
            set srcintf <interface to internet>
            set dstintf <interface to internal network>
            set srcaddr <reserved_range>
            set dstaddr <internal_addresses>
            set action accept
            set schedule always
            set service ALL
    end
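The service group mentioned at the top of this section, shown in place of ALL in the same policy. This is an added example, not part of the original procedure; the group name PPTP_Allowed_Services and its members (the predefined HTTPS, SSH and DNS services) are assumptions, and the angle-bracket placeholders are the ones used above.

```fortios
# Added example: restrict the PPTP tunnel policy to a service group.
# The group name and member list are assumptions; list only the services
# that PPTP clients actually need to reach on the internal network.
config firewall service group
    edit "PPTP_Allowed_Services"
        set member "HTTPS" "SSH" "DNS"
    next
end

config firewall policy
    edit 1
        set srcintf <interface to internet>
        set dstintf <interface to internal network>
        set srcaddr <reserved_range>
        set dstaddr <internal_addresses>
        set action accept
        set schedule always
        # Was: set service ALL (every protocol and port allowed through the tunnel)
        set service "PPTP_Allowed_Services"
    next
end
```

With the group in place, traffic from the PPTP client range that does not match a listed service no longer matches this policy and falls through to the policies below it, ending at the implicit deny.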