Skip to main content
bturnbough
bturnbough
New Member
September 28, 2020
Question

Fortimanager 6.4.2 / IPSEC FULL MESH / Interface IP Address Assingment

  • September 28, 2020
  • 1 reply
  • 2370 views

Howdy All,

Long time listener, first time caller.  Fairly new to the Fortinet networking game.  Long time Cisco IOS slinger.

 

We're looking at utilizing the following:

 

IPSEC VPN (Full Mesh) (in manual routing mode)

OSPF dynamic routing across the IPSEC tunnels

All of this managed by the Fortimanager.

 

The problem that I'm finding is that I haven't located a way for the interface IP's to get *dynamically* assigned by the fortimanager.  Doesn't seem much of a problem when you only have, say, 3 sites, but when you have 15 it tends to cause more manual labor than it's worth.

 

Why do I want to assign IP's to the tunnel interfaces, you ask?  Well, it is my understanding that the interfaces must have IP addresses on them for OSPF to advertise out on them and form adjacencies.

 

I called into tech support, and they seemed like it was pretty much over their heads (surprise surprise LOL)

 

Thoughts?  Questions? Comments? Blessings?

 

 

    1 reply

    boneyard
    boneyard
    Valued Contributor
    October 4, 2020

    never built it, but this seems to show what you more or less want i believe: https://kb.fortinet.com/k....do?externalID=FD47665 what you can also consider is the ADVPN feature, this seems to be the newish way of how Fortinet does full mesh VPN setups. not supported in FortiManager - VPNManager yet i believe, but not a fan of that feature anyway. https://kb.fortinet.com/k....do?externalID=FD39360

    Terms & ConditionsAccessibility statement