Uwe_Sommerfeld
New Member
July 2, 2014
Solved

Central VPN Mode - anyone?

Hi there, is anybody actually using the central VPN console mode in FortiManager? I am trying to convert VPN configurations and have all sorts of trouble, e.g. creating a phase 2 to an external (non-managed) hub that needs a src-subnet and dst-subnet. Seems to be impossible, however...?
    Best answer by Sean_Toomey_FTNT

    1 reply

    Sean_Toomey_FTNT
    Staff
    July 31, 2014
    Hi Wurzlsepp, I have used VPN console in FortiManager before. You typically use this when you want to create a large number of VPN tunnels such as deploying mesh or star configurations. If you do not have a large deployment, or you have complex needs, it may not be suitable to use VPN console, for having the additional flexibility of defining VPN tunnels per FortiGate. That said, there are some functions for creating phase1/phase2 to an external unmanaged gateway. You don't mention what version of FortiManager / FortiOS you are working with. Please ensure you have the latest version as there have been improvements to VPN console over time. Create a VPN topology (mesh/star/dialup) and then edit it by either right-click -> Manage Gateways, or by clicking the name of the topology you created - depending on your FMGR version. Then when you add a gateway you can add an external gateway (unmanaged by FMGR), and should have some additional options. If that doesn't get you pointed in the right direction, please post what you are trying to accomplish and specific parts that you are having trouble with, and don't forget that docs.fortinet.com is your friend! Cheers!
    boneyard
    Valued Contributor
    January 9, 2016

    an old thread i know but i had the same question as the original poster, so on converting existing VPNs into central VPN console, and was told by my SE that isn't the route you want to go.

    it might be useful for fresh deployments, but taking an existing one isn't advised.