To install the FortiGate VPN client and configure it with IPsec, download and install the FortiClient VPN software (Windows/macOS), create a new "IPsec VPN" connection, enter the public FortiGate IP as the remote gateway, select "Pre-Shared Key" for authentication, and input the pre-shared key defined in your firewall's VPN Wizard.
- Download the appropriate installer from the official Fortinet site or via your FortiClient EMS system.
- Run the installer and follow the on-screen prompts.
- Open the application and select Remote Access > Configure VPN.
- VPN Type: Select IPsec VPN.
- Connection Name: Give it a recognizable name (e.g., Office-VPN).
- Remote Gateway: Enter the public IP address of your FortiGate firewall.
- Authentication Method: Choose Pre-Shared Key and enter the same key that will be configured on the FortiGate.
- Local ID: (Optional) If specified in the firewall, enter this ID.
- Click Save.
- Navigate to VPN > IPsec Wizard.
- Name: Give the tunnel a name.
- Template Type: Select Remote Access and choose FortiClient as the remote device.
- Authentication: Select the incoming interface (WAN), choose Pre-shared key, and define a strong key. Select the user group permitted to connect.
- Policy & Routing: Select the local interface (internal network) and the IP address range for remote clients.
- Finish: Click Create.
- In FortiClient, enter the username and password created on the FortiGate.
- Click Connect.
Note: For Linux environments, IPsec is often configured via the command line (e.g., Libreswan) as the native FortiClient Linux application may be designed for SSL VPN.