Skip to main content
nit_mws
nit_mws
New Member
July 3, 2019
Question

Correct documentation of IPsec Tunnel setup form in FortiIO 6.0.4 available?

  • July 3, 2019
  • 1 reply
  • 4364 views

Hi, I'm a Fortinet newbie and want to set up for a DialUp VPN an IPsec Tunnel - using FortiOS 6.0.4.

I've downloaded the FortiOS Handbook for version 6.0.4. Looking into section "FortiClient dialup-client configuration" of the IPsec VPN chapter I see below "Configuring the FortiGate unit" a guide walking the reader through a user interface.

But unfortunately the FortiOS web UI shown by my FortiGate 30E is quite different from what is explained in the Handbook. Example: in step 5 the Handbook tells me I should be able to set DHCP-IPsec - but nothing similar is in my web UI. Where can I set DHCP-IP???

 

Is there somewhere a documentation which aligns with the web UI?

 

Thanks,

Michael

    1 reply

    ede_pfau
    SuperUser
    ede_pfau
    SuperUser
    July 3, 2019

    That might be a limitation of the 30E. "Real firewalls start at 60E"...

    I can assure you DHCP over IPsec does work on lots of Fortigates but I've never tried out a 30E.

     

    Maybe some 30E user can comment on this.

     

    Try to set the DHCP server in Network > Interfaces > myTunnelPhase1Name.

    nit_mws
    nit_mwsAuthor
    New Member
    July 3, 2019

    Hm, a highly different user interface of 30E is new to me, I assumed that FortiOS UIs are the same or at least very similar across devices, depending only on available features. (The Getting Started section of the Handbook tells: "Before you get started, note that not all FortiGate models have the same features. This is especially true of the desktop or entry-level models: FortiGate / FortiWiFi models 30 to 90. If you are using one of these FortiGate models, you may have some difficulties accessing certain features." So there should not be a big difference between 30E and 60E - and already the sections of a IPsec Tunnel definition are different in the Handbook and the web UI.)

     

    Anyway: I've been searching the 30E UI and it allows only to set DHCP if I select Mode Config in the Network setting of an IPsec Tunnel. And for the related interface I can set the DHCP server: either the FortiGate or one in the local internal network. I hope doing that would provide the same as outlined in the Handbook.

     

    Thanks,

    Michael

    ede_pfau
    SuperUser
    ede_pfau
    SuperUser
    July 3, 2019

    I've just tested with a dial-in tunnel on my 60E. You can specify an DHCP server on the tunnel interface (not in the VPN setup), assign a gateway IP and a matching DHCP range.

     

    I've converted the tunnel to custom in order to get access to all details. Unfortunately I can't test the setup just now but this is the setup to use. Haven't downloaded the 6.0 handbook yet so I can't check that either, sorry.

    Terms & ConditionsAccessibility statement