Route based IPSEC VPN on Fortigate firewalls


You can use the VPN wizard to configure IPsec VPN on FortiGate firewalls, but this becomes a time-consuming process when you need to create more than one VPN tunnel. Using template scripts such as the ones below, you can save time.

You need to change the parameters (tunnel and interface names, gateway IP addresses, the pre-shared key, address object names and the static route) according to your infrastructure. Note that the `des-sha1` proposal used below is weak (single DES, SHA-1) and the pre-shared key is a placeholder; on a production tunnel use a modern proposal such as `aes256-sha256` on both phases and a long random PSK, and keep the proposal identical on both ends or phase 1 will not come up.

 

Branch side config:

# Phase 1: tunnel interface bound to the WAN port, pointing at the HQ gateway
config vpn ipsec phase1-interface
edit "ToHeadQuarter"
set interface "port1"
set proposal des-sha1
set remote-gw 10.200.1.1
set psksecret abc123
next
end

# Phase 2: selectors are the local and remote LAN address objects
config vpn ipsec phase2-interface
edit "ToHeadQuarterP2"
set auto-negotiate enable
set dst-addr-type name
set keepalive enable
set phase1name "ToHeadQuarter"
set proposal des-sha1
set src-addr-type name
set dst-name "HeadQuarter"
set src-name "Branch"
next
end

# One policy per direction between the LAN port and the tunnel interface
config firewall policy
edit 1
set srcintf "port3"
set dstintf "ToHeadQuarter"
set srcaddr "Branch"
set dstaddr "HeadQuarter"
set action accept
set schedule "always"
set service "ALL"
next
edit 2
set srcintf "ToHeadQuarter"
set dstintf "port3"
set srcaddr "HeadQuarter"
set dstaddr "Branch"
set action accept
set schedule "always"
set service "ALL"
next
end

# Static route: HQ LAN reachable through the tunnel interface
config router static
edit 2
set device "ToHeadQuarter"
set distance 1
set dst 10.0.1.0 255.255.255.0
next
end

 

HeadQuarter side config:

 

# Phase 1: tunnel interface bound to the WAN port, pointing at the Branch gateway
config vpn ipsec phase1-interface
edit "ToBranch"
set interface "port1"
set proposal des-sha1
set remote-gw 10.200.3.1
set psksecret abc123
next
end

# Phase 2: selectors mirror the Branch side (src and dst swapped)
config vpn ipsec phase2-interface
edit "ToBranchP2"
set auto-negotiate enable
set dst-addr-type name
set keepalive enable
set phase1name "ToBranch"
set proposal des-sha1
set src-addr-type name
set dst-name "Branch"
set src-name "Headquarter"
next
end

# One policy per direction between the LAN port and the tunnel interface
config firewall policy
edit 1
set srcintf "port3"
set dstintf "ToBranch"
set srcaddr "Headquarter"
set dstaddr "Branch"
set action accept
set schedule "always"
set service "ALL"
next
edit 2
set srcintf "ToBranch"
set dstintf "port3"
set srcaddr "Branch"
set dstaddr "Headquarter"
set action accept
set schedule "always"
set service "ALL"
next
end

# Static route: Branch LAN reachable through the tunnel interface
config router static
edit 2
set device "ToBranch"
set distance 1
set dst 10.0.2.0 255.255.255.0
next
end
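Because the two configs above are mirror images of each other, the following added example (not part of the original post) renders both ends of a tunnel from one parameter set, so remote-gw, the src/dst address objects, phase1name and the static route cannot drift apart between sites; it also reports weak algorithms in the chosen proposal. `Site`, `render`, `render_pair` and `weak_algs` are constructed names, not FortiOS commands.

```python
# Added example, not from the original post: generate both ends of a
# route-based FortiGate IPsec tunnel from one set of parameters.
from dataclasses import dataclass

WEAK_ALGS = {"des", "3des", "md5", "sha1"}  # reported by weak_algs(), never silently swapped


@dataclass
class Site:
    obj: str      # address object covering this site's LAN, e.g. "Branch"
    wan_if: str   # interface the tunnel binds to, e.g. "port1"
    lan_if: str   # interface facing the LAN, e.g. "port3"
    wan_ip: str   # address the other side sets as remote-gw
    lan_net: str  # LAN prefix in FortiOS form, e.g. "10.0.2.0 255.255.255.0"


def weak_algs(proposal):
    """Algorithms in a FortiOS proposal string (e.g. 'des-sha1') that are weak."""
    return [a for a in proposal.split("-") if a in WEAK_ALGS]


def render(local, remote, tunnel, psk, proposal):
    """FortiOS CLI for LOCAL's end of the tunnel to REMOTE (constructed template)."""
    lines = [
        "config vpn ipsec phase1-interface",
        f'edit "{tunnel}"', f'set interface "{local.wan_if}"',
        f"set proposal {proposal}", f"set remote-gw {remote.wan_ip}",
        f"set psksecret {psk}", "next", "end",
        "config vpn ipsec phase2-interface",
        f'edit "{tunnel}P2"', "set auto-negotiate enable", "set keepalive enable",
        f'set phase1name "{tunnel}"', f"set proposal {proposal}",
        "set src-addr-type name", "set dst-addr-type name",
        f'set src-name "{local.obj}"', f'set dst-name "{remote.obj}"', "next", "end",
        "config firewall policy",
    ]
    # one policy per direction, each restricted to the two LAN address objects
    for pid, (sif, dif, sa, da) in enumerate(
        [(local.lan_if, tunnel, local.obj, remote.obj),
         (tunnel, local.lan_if, remote.obj, local.obj)], start=1):
        lines += [f"edit {pid}", f'set srcintf "{sif}"', f'set dstintf "{dif}"',
                  f'set srcaddr "{sa}"', f'set dstaddr "{da}"', "set action accept",
                  'set schedule "always"', 'set service "ALL"', "next"]
    # static route: the remote LAN is reached via the tunnel interface
    lines += ["end", "config router static", "edit 2", f'set device "{tunnel}"',
              "set distance 1", f"set dst {remote.lan_net}", "next", "end"]
    return "\n".join(lines)


def render_pair(a, b, psk, proposal):
    """Both ends of one tunnel, keyed by the tunnel name each side uses."""
    return {f"To{b.obj}": render(a, b, f"To{b.obj}", psk, proposal),
            f"To{a.obj}": render(b, a, f"To{a.obj}", psk, proposal)}
```

Run `weak_algs()` on the proposal before pasting the output: for the page's `des-sha1` it returns both algorithms, for `aes256-sha256` it returns nothing.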
