Situation
Use FortiClient to connect to the dial-up IPsec VPN (IKEv2) and authenticate with your local username and password.
Solution
# Create the user
[1]
Log in to the FortiGate web UI > User & Authentication > User Definition
[2]
Create New > Local User > "Username/Password"
# Create the user group
[3]
FortiGate web UI > User & Authentication > User Groups
[4]
Create New > "Name" > Members + (Username)
# Enter the commands that enable username/password authentication for the user
[5]
Open the FortiGate CLI > config vpn ipsec phase1-interface > edit "tunnel_phase1"
[6]
set eap enable
set eap-identity send-request
set authusrgrp "User_Group_Name"
# Enter the commands that enable the idle timeout and set the timeout interval
[7]
set idle-timeout enable
set idle-timeoutinterval 20
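
Steps [1] to [7] as a single CLI session, with the GUI steps replaced by their CLI equivalents. This is an added example, not part of the original procedure. The user name "vpnuser1" and the password value are placeholders, and "tunnel_phase1" is assumed to already exist as an IKEv2 dial-up tunnel.

```fortios
# Added example: placeholders are "vpnuser1" and <password>.

# [1]-[2] Local user with a password
config user local
    edit "vpnuser1"
        set type password
        set passwd <password>
    next
end

# [3]-[4] Group that holds the VPN users
config user group
    edit "User_Group_Name"
        set member "vpnuser1"
    next
end

# [5]-[7] EAP user authentication and idle timeout on the existing tunnel
config vpn ipsec phase1-interface
    edit "tunnel_phase1"
        # Ask the client for its EAP identity and check it against the group
        set eap enable
        set eap-identity send-request
        set authusrgrp "User_Group_Name"
        # Drop idle tunnels; the interval is in minutes
        set idle-timeout enable
        set idle-timeoutinterval 20
    next
end

# Check: the settings above should appear in the saved configuration
show vpn ipsec phase1-interface "tunnel_phase1"
```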