# FortiGate side of a route-based IPsec tunnel named "MIKROTIK": phase 1, phase 2,
# tunnel interface, firewall policies and static route, as printed by `show`.
# Lines that begin with "#" in column 0 are review notes, not device output.
FortiGate-VM64 # show vpn ipsec phase1-interface
config vpn ipsec phase1-interface
    edit "MIKROTIK"
        set interface "wan1"
        # NOTE(review): peertype any accepts whatever IKE identity the peer presents,
        # so peer authentication rests on the pre-shared key (and the fixed remote-gw below).
        set peertype any
        set net-device disable
        # NOTE(review): des-sha1 is single DES (56-bit key) with SHA-1. Both are
        # deprecated for IKE; a current proposal such as aes256-sha256 has to be
        # configured identically on the peer.
        set proposal des-sha1
        # NOTE(review): DH group 2 is 1024-bit MODP, below current minimum
        # recommendations; group 14 or higher (or an ECP group) is the usual baseline.
        set dhgrp 2
        set remote-gw 192.168.100.120
        # NOTE(review): `show` normally prints an encrypted blob after ENC; "test1234"
        # looks like a hand-substituted lab value - confirm. A short, guessable PSK
        # weakens IKE authentication; use a long random secret and redact it in listings.
        set psksecret ENC test1234
    next
end
FortiGate-VM64 # show vpn ipsec phase2-interface
config vpn ipsec phase2-interface
    edit "MIKROTIK"
        set phase1name "MIKROTIK"
        # NOTE(review): null-sha1 selects ESP with NULL encryption: packets are
        # integrity-protected with SHA-1 but the payload crosses the tunnel unencrypted.
        # Use an encrypting proposal (e.g. aes256-sha256) unless cleartext is intended.
        set proposal null-sha1
        # Same 1024-bit MODP group as phase 1; presumably used for PFS (the pfs
        # setting itself is not shown in this output).
        set dhgrp 2
        set auto-negotiate enable
        # Phase 2 SA lifetime: 3600 seconds.
        set keylifeseconds 3600
    next
end
FortiGate-VM64 # show system interface MIKROTIK
config system interface
    edit "MIKROTIK"
        set vdom "root"
        # Tunnel endpoint addressing: local 172.16.1.1, remote 172.16.1.2.
        set ip 172.16.1.1 255.255.255.255
        # Only ping is allowed to the FortiGate itself on this interface; no
        # administrative protocols are listed.
        set allowaccess ping
        set type tunnel
        set remote-ip 172.16.1.2 255.255.255.252
        set snmp-index 12
        set interface "wan1"
    next
end
FortiGate-VM64 # show firewall policy
config firewall policy
    # Policy 1: lan -> tunnel. The quoted srcaddr/dstaddr values are address
    # object names; presumably they match the subnets they are named after.
    # NOTE(review): service "ALL" permits every protocol and port between the two
    # sites, and no security profiles appear in this output; narrow the service
    # list to what the sites actually need.
    edit 1
        set uuid a31565ce-3ca8-51eb-9608-f4dd35fd852d
        set srcintf "lan"
        set dstintf "MIKROTIK"
        set srcaddr "10.16.1.0/24"
        set dstaddr "10.16.2.0/24"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
    # Policy 2: the reverse direction (tunnel -> lan), again with service "ALL".
    edit 2
        set uuid a74950d8-3ca8-51eb-9b75-e7661b8989c6
        set srcintf "MIKROTIK"
        set dstintf "lan"
        set srcaddr "10.16.2.0/24"
        set dstaddr "10.16.1.0/24"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set comments " (Copy of 1) (Reverse of 1)"
    next
    # Policy 3: traffic arriving from the tunnel may leave through wan1 to any
    # destination with source NAT, i.e. the remote subnet breaks out through this
    # FortiGate. NOTE(review): with dstaddr "all" and service "ALL", anything that
    # can send into the tunnel gets unrestricted outbound access; all sessions are
    # logged (logtraffic all), which is the only control visible here.
    edit 3
        set uuid 86b1e4f4-3cab-51eb-760b-4af4cede9326
        set srcintf "MIKROTIK"
        set dstintf "wan1"
        set srcaddr "10.16.2.0/24"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set nat enable
    next
end
FortiGate-VM64 # show router static
config router static
    # Route to the remote subnet 10.16.2.0/24 through the tunnel interface.
    edit 1
        set dst 10.16.2.0 255.255.255.0
        set device "MIKROTIK"
    next
# (The listing stops here; the closing "end" of this section is not shown.)