Virtual Private Networking ("VPN") is a cost-effective and secure method for site-to-site connectivity without the use of client software. Fortinet FortiGate UTM appliances provide IPsec (as well as SSL VPN) "out of the box". Specifically, IPsec tunnels can be triggered via firewall rule based policies or interface mode. Interface mode is a more sophisticated and flexible method of providing connectivity between sites, due in large part to its seamless integration into the FortiGate's routing table.

To begin configuration, follow these steps:

1) Open and configure Phase 1 attributes under the VPN|IPSec|Auto Key (IKE) tab via the management console. Be sure to make note of the following parameters:

- After configuring the target IP address, be sure to attach the Phase 1 local interface to your WAN connection (i.e.
- Either Aggressive or Main Mode will work. If you choose Aggressive, it must be configured in the Phase 2 configuration.
- P1 Proposal, typically AES-128 with SHA1 authentication, DH Group 5.

2) Now, configure your Phase 2 attributes, choosing the SAME options as in Phase 1. If you are using Aggressive mode, be sure to select your source and destination addresses in the Quick Mode Selector. Note that the default key life of 1800 seconds works in most cases. In the event your site-to-site VPN is not FortiGate to FortiGate, you should consult your vendor's recommendations, as this typically hoses Phase 2 establishment.

3) The next crucial step of establishing IPsec interface mode is ensuring correct firewall rules. Here is where you create inbound and outbound rules between the virtual VPN interfaces and your internal network. The trickiness is to read the rule as follows:

- Incoming Interface – this is the VPN interface you named in Phase 1.
- Source address – this will be the remote site's information (you should have named this in Firewall Objects | Address).
- Outgoing Interface – this will likely be your internal network (LAN).