FortiWAN IPSec


FortiWAN's IPSec VPN is based on the standard two-phase Internet Key Exchange (IKE) protocol and supports two communication modes: tunnel mode and transport mode. IPSec is one of the most popular standards for establishing a site-to-site VPN; it combines tunneling technology with strict security mechanisms. Unlike IPSec tunneling, FortiWAN's Tunnel Routing offers bandwidth aggregation and fault tolerance. By integrating IPSec with Tunnel Routing, FortiWAN meets the requirement for an IPSec VPN that also provides bandwidth aggregation and fault tolerance.

We start the topic with IPSec VPN Concepts, which covers an IPSec VPN overview, IPSec key exchange and how IPSec VPN works. The next topic, IPSec set up, describes how to set up FortiWAN IPSec VPN. IPSec VPN installation is divided into the following stages:

  • The specifications of FortiWAN IPSec, see About FortiWAN IPSec VPN.
  • Considerations when planning a VPN deployment, see Planning your VPN.
  • Operations and configurations in the Web UI, see IPSec VPN in the Web UI.
  • Necessary routing policies for the VPN (with scenarios), see Define routing policies for an IPSec VPN.
  • Basic settings for establishing an IPSec VPN with FortiGate, see Establish IPSec VPN with FortiGate.

If you already have Tunnel Routing running and want IPSec protection (IPSec transport mode) on it, you can go directly to the descriptions in IPSec VPN in the Web UI and the examples in Define routing policies for an IPSec VPN.

IPSec VPN Concepts

As we know, a private network (a deployment of private IP addresses) is invisible and closed to the public network (usually the Internet). Two private networks in geographically different locations cannot directly access each other through the Internet. A Virtual Private Network (VPN) connects local and remote private networks over the Internet so that they logically become one private network. A user in a local private network can access resources in the remote private network in a secure way through the Internet, for example accessing the headquarters' private network from a branch office's local private network. Users of the two private networks reach each other without being aware of the VPN transmissions, just as if they were physically in the same network.

The VPN concept implies two critical elements: a tunnel connecting two private networks over an intermediate network, and a secure way of transferring data through that tunnel (over an untrusted network). Together they give the virtual private network the properties of a physical private network: access between private IP addresses, and invisibility to the public network (data privacy). IPSec is the technology designed to implement both properties of the VPN concept. A VPN established with IPSec is called an IPSec VPN. It not only provides the tunneling implementation that connects two otherwise unreachable networks, but also places emphasis on strict security definitions.
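To make the two elements above concrete, the following is an added example (not FortiWAN or Fortinet code) that models what ESP puts on the wire in tunnel mode versus transport mode, so the "private addresses are invisible to the public network" property can be checked on constructed packets. The key, SPI, addresses and payload are all constructed sample values, and the cipher is a stand-in (SHA-256 keystream plus HMAC-SHA256-128 ICV) that only reproduces the ESP byte layout; a real SA uses the transform negotiated in IKE phase 2.

```python
# Added example: ESP tunnel mode vs transport mode on constructed IPv4 packets.
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed; a real SA gets its keys from IKE phase 2

def dot(b):
    return ".".join(str(x) for x in b)

def ipv4_header(src, dst, proto, total_len):
    """Minimal 20-byte IPv4 header (no options) with a valid header checksum."""
    pack_ip = lambda ip: bytes(int(o) for o in ip.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0x4000, 64, proto, 0,
                      pack_ip(src), pack_ip(dst))
    csum = sum(struct.unpack("!10H", hdr))
    while csum >> 16:
        csum = (csum >> 16) + (csum & 0xFFFF)
    return hdr[:10] + struct.pack("!H", (~csum) & 0xFFFF) + hdr[12:]

def protect(plaintext, spi, seq):
    """ESP-shaped record: SPI | seq | ciphertext | ICV.  Stand-in cipher (SHA-256
    keystream) and HMAC-SHA256-128 ICV; only the byte layout matters for this demo."""
    hdr = struct.pack("!II", spi, seq)
    ks = b"".join(hashlib.sha256(KEY + hdr + bytes([i])).digest()
                  for i in range(len(plaintext) // 32 + 1))
    body = hdr + bytes(p ^ k for p, k in zip(plaintext, ks))
    return body + hmac.new(KEY, body, hashlib.sha256).digest()[:16]

def esp_tunnel(inner_pkt, outer_src, outer_dst, spi=0x1001, seq=1):
    """Tunnel mode: the whole inner packet, private header included, is protected
    and a new outer header carrying the gateways' public addresses is prepended."""
    esp = protect(inner_pkt, spi, seq)
    return ipv4_header(outer_src, outer_dst, 50, 20 + len(esp)) + esp

def esp_transport(inner_pkt, spi=0x1001, seq=1):
    """Transport mode: the original header stays in the clear (protocol set to 50/ESP);
    only the transport-layer payload is protected."""
    esp = protect(inner_pkt[20:], spi, seq)
    return ipv4_header(dot(inner_pkt[12:16]), dot(inner_pkt[16:20]), 50, 20 + len(esp)) + esp

def wire_view(pkt):
    """What an on-path observer sees: (src, dst, protocol) of the outermost header."""
    return dot(pkt[12:16]), dot(pkt[16:20]), pkt[9]

# Constructed sample: a branch host (10.1.0.5) sends 12 bytes to an HQ host (10.2.0.9).
INNER = ipv4_header("10.1.0.5", "10.2.0.9", 6, 32) + b"tcp-payload!"
TUNNEL = esp_tunnel(INNER, "203.0.113.1", "198.51.100.1")   # gateways' public addresses
TRANSPORT = esp_transport(INNER)
```

`wire_view(TUNNEL)` shows only the gateways' public addresses, while `wire_view(TRANSPORT)` still exposes the private ones; this is why transport mode on FortiWAN is applied on top of Tunnel Routing, whose tunnel packets already carry public addresses in the clear header.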



This entry was posted in Administration Guides, FortiWAN on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
