Define address ranges for branch

Chapter 10 IPsec VPN : Dynamic DNS configuration : Configure the dynamically-addressed VPN peer : Configuring branch_2 security policies : Define address ranges for branch_2 security policies

Define address ranges for branch_2 security policies

Define VPN connection names for the address ranges of the private networks. These addresses are used in the security policies that permit communication between the networks. For more information, see “Defining policy addresses”.

Define an address name for the IP address and netmask of the private network behind the local FortiGate unit.

To define branch_2 address ranges

1. Go to Policy & Objects > Objects > Addresses.

2. Select Create New.

3. Enter the following information, and select OK.


Name	Enter branch_2_internal. Enter a meaningful name.
Type	Select Subnet.
Subnet / IP Range	Enter 10.10.10.0/24. Include the netmask or specify a specific range.
Interface	Select internal. The interface that will be handling the traffic from the internal network.

Define an address name for the IP address and netmask of the private network behind the remote peer.

4. Select Create New.

5. Enter the following information, and select OK.


Name	Enter branch_1_internal. A meaningful name for the private network at the remote end of the VPN tunnel.
Type	Select Subnet.
Subnet / IP Range	Enter 192.168.1.0/24. Include the netmask. Optionally you can specify a range
Interface	Select any. The interface that will be handling the remote VPN traffic on this FortiGate unit. If you are unsure, or multiple interfaces may be handling this traffic use any.