Technical Tip: Enable 'Policy-Based IPsec VPN' configuration
Description
This article describes how to enable 'Policy-Based IPsec VPN' configuration from the GUI and the CLI.
Scope
FortiGate.
Solution
By default, 'Policy-Based IPsec VPN' configuration is disabled in the GUI.
Refer to the following:
Go to VPN -> IPsec Tunnels, select 'Create new' and 'Custom'.

To enable the 'Policy-Based IPsec VPN':
Go to System -> Feature Visibility, enable 'Policy-based IPsec VPN', and select 'Apply'.

To enable the 'Policy-Based IPsec VPN' from the CLI, use the following commands:
config system settings
    set gui-policy-based-ipsec enable
end

Once applied, go to VPN -> IPsec Tunnels, select 'Create new', 'Custom', and unselect 'Enable IPsec Interface Mode'.

Create a policy from the LAN interface to the remote LAN subnet of the policy-based VPN, using the external interface as the outgoing interface. The 'IPsec' action in the policy allows the tunnel to be selected.
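The policy described above can also be created from the CLI. The following is an added example, not taken from the original article: the interface names, address object names, and tunnel name are hypothetical placeholders, and it assumes the policy-based phase 1 tunnel and both address objects already exist.

```fortios
# Added example: policy-based IPsec firewall policy (all names are placeholders).
# Assumes "to_remote" is an existing policy-based tunnel (config vpn ipsec phase1)
# and that "local_lan" / "remote_lan" are existing firewall address objects.
config firewall policy
    edit 0
        # LAN-facing interface as source, external interface as outgoing interface
        set srcintf "internal"
        set dstintf "wan1"
        # Local subnet to the remote LAN subnet behind the VPN peer
        set srcaddr "local_lan"
        set dstaddr "remote_lan"
        # The ipsec action is what makes the vpntunnel option available
        set action ipsec
        set schedule "always"
        # Narrow this to the services the remote site actually needs
        set service "ALL"
        # Also accept traffic initiated from the remote subnet
        set inbound enable
        set vpntunnel "to_remote"
    next
end
```

Running 'show firewall policy' afterwards confirms that the policy was saved with 'set action ipsec' and the expected tunnel name.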

Related documents:
- Policy-based IPsec tunnel - FortiGate cookbook
- Policy-based IPsec tunnel - FortiGate 6.4.0 administration guide
- Policy-based IPsec tunnel - FortiGate 7.0.0 administration guide
- Policy-based IPsec tunnel - FortiGate 7.2.0 administration guide
- Policy-based IPsec tunnel - FortiGate 7.4.0 administration guide
- Policy-based IPsec tunnel - FortiGate 7.6.0 administration guide
- Technical Tip: After upgrade Policy-Based IPsec VPN are getting removed from firewall policy
