Skip to main content
Floto
Floto
New Member
February 17, 2025
Question

"Enable IPsec Interface Mode"-Option missing

  • February 17, 2025
  • 3 replies
  • 1841 views

Hello everyone,

 

since Fortigate Firmware Version 7.6.0 (and above) the "Enable IPsec Interface Mode"-Option is missing when creating a new costum VPN Tunnel.

 

On Firmware Version 7.4.7 everything is fine. The checkbox is displayed and can be unchecked.New_VPN_on_7.4.7.PNG

When creating a new policy i can switch the Action to "IPsec" an choose the VPN tunnel:

Test_Pol_on_7.4.7.PNG

 

After upgrading the same Fortigate 40F to Version 7.6.0 the "Enable IPsec Interface Mode" is disappeared:

New_VPN_on_7.6.0.PNG

Without unchecking this option i can't choose the VPN tunnel in a new policy

Test_Pol_on_7.6.0.PNG

I already tried to deactivate the "policy-based IPsec VPN" Feature and active it again. It did not work. I also updated the Firmware to 7.6.1 and 7.6.2. On both versions the same problem.

 

Is this a bug or kinda a feature?

 

Best regards from Germany,

Florian

3 replies

funkylicious
SuperUser
funkylicious
SuperUser
February 17, 2025

hi,

try from cli

 

config system settings

set gui-policy-based-ipsec enable

end

 

or from GUI , System > Feature Visibility > Policy based IPsec

"jack of all trades, master of none"
    Floto
    FlotoAuthor
    New Member
    February 18, 2025

    Hi funky,

     

    thanks for your advice, unfortunately it didn't help.
    I also tried to disable first and enable via cli.

    dingjerry_FTNT
    Staff
    dingjerry_FTNT
    Staff
    February 17, 2025

    Hi @Floto ,

     

    "I already tried to deactivate the "policy-based IPsec VPN" Feature and active it again"

     

    How did you do it?

      Floto
      FlotoAuthor
      New Member
      February 18, 2025

      Hi dingjerry_FTNT,

       

      i tried it via GUI and CLI, neither worked.

      dingjerry_FTNT
      Staff
      dingjerry_FTNT
      Staff
      February 18, 2025

      Hi @Floto ,

       

      As I mentioned, this should be a GUI bug.  Please raise a TAC ticket to request for a Bug report on this issue.

       

      Meanwhile, you may create the policy-based IPSec VPN using the CLI commands  "config vpn ipsec phase1 | phase2]" for your phase1 & phase2 settings as a workaround. 

       

      Once created, I believe that you can see it in GUI.

      dingjerry_FTNT
      Staff
      dingjerry_FTNT
      Staff
      February 17, 2025

      Hi @Floto ,

       

      I just did a quick test and think that this is a bug. 

       

      You may raise a TAC ticket to request the TAC team to report a bug for you.

        dingjerry_FTNT
        Staff
        dingjerry_FTNT
        Staff
        February 17, 2025

        @Floto ,

         

        BTW, I think that this is a GUI bug.  Because I still see the CLI commands for policy-based IPSec VPN configurations.

          Terms & ConditionsCookie settingsAccessibility statement