Technical Tip: 'loopback-asymroute' CLI Command on FortiGate not displayed in Phase1 settings

The CLI command 'set loopback-asymroute enable/disable' may be missing from the IKEv1 IPsec Phase 1 configuration.

FGT # config vpn ipsec phase1-interface

FGT (phase1-interface) # edit "loopback_fgta"

FGT (loopback_fgta) # show

config vpn ipsec phase1-interface

    edit "loopback_fgta"

        set interface "loopback1"

        set peertype any

        set net-device disable

        set passive-mode enable

        set proposal aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1

        set remote-gw 10.X.X.X

        set psksecret fortinet

    next

end

FGT (loopback_fgta) # set loopback-asymroute enable

command parse error before 'loopback-asymroute'

Command fail. Return code -61

This issue has been resolved:
v7.4.9 (available to download from the Fortinet support portal)
v7.6.5 (available to download from the Fortinet support portal).
v8.0.0 (scheduled to be released in March 2026).
These timelines for firmware release are estimated and may be subject to change.

Note: Refer to bug ID 1192598 in the Resolved issues 7.4.9 and Resolved issues 7.6.5.