KubaG
Explorer
October 31, 2025
Solved

Importing IPSec tunnel configuration to FortiClient via XML without overwriting existing tunnels

Hello everyone,

we would like to distribute an IPSec tunnel configuration to other users, including external contractors, using the export/import of an XML file.

However, I’ve noticed that when a user imports such an XML file, it overwrites all previously configured tunnels.

Is there any way to create an XML file that allows users to import only one or several tunnels in a simple and user-friendly way, without replacing all existing ones?

Thank you very much in advance for your help!

Best answer by funkylicious

2 replies

funkylicious
SuperUser
October 31, 2025
KubaG
Author
Explorer
October 31, 2025

Hi,

thanks for the link, but I don’t think that topic provides a solution for importing a single VPN tunnel configuration without overwriting the existing ones.

funkylicious
SuperUser
October 31, 2025

In it, it states that there is a setting you can change:

You can create a partial config by hand-editing the XML file. There's an option near the top you can change from 0 to 1 to designate it as a partial config (so it will merge instead of replace).
"jack of all trades, master of none"
ElwinBERRAR
Explorer III
October 31, 2025

Hi,

FortiClient doesn’t support importing just one IPSec tunnel without replacing the whole configuration. The XML import always overwrites the existing file. If you want to distribute a single tunnel, the best options are to share the connection parameters so users can add it manually, or use FortiClient EMS to centrally deploy and manage VPN profiles.

KubaG
Author
Explorer
October 31, 2025

Hi,

that’s quite unfortunate, as in my case I specifically need to distribute a configuration with a slightly modified XML — namely with the parameters <implied_SPDO>1</implied_SPDO> and <implied_SPDO_timeout>60</implied_SPDO_timeout>, which cannot be configured directly through the GUI.

I need to deliver this configuration to a larger number of external contractors, and asking each of them to manually edit or rebuild the XML file is not really practical.
If there was an easier way to set these parameters without manually editing or replacing the entire XML configuration, that would also be a perfectly acceptable solution.
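
The partial-config approach quoted in funkylicious's answer, as an added example that is not part of the thread or Fortinet's own tooling: it takes a full export, keeps only the named IPSec tunnels (with their hand-edited implied_SPDO values intact) and sets the flag to 1. The element name partial_configuration and the path vpn/ipsecvpn/connections are assumptions about the export layout, and the sample XML is constructed; check both against your own exported file.

```python
import xml.etree.ElementTree as ET

# Constructed sample standing in for a full FortiClient export (not a real config).
SAMPLE_EXPORT = """<forticlient_configuration>
  <partial_configuration>0</partial_configuration>
  <system><ui><culture_code>os-default</culture_code></ui></system>
  <vpn>
    <sslvpn><connections><connection><name>old-ssl</name></connection></connections></sslvpn>
    <ipsecvpn>
      <connections>
        <connection><name>personal</name><ike_settings><implied_SPDO>0</implied_SPDO></ike_settings></connection>
        <connection><name>contractor-gw</name><ike_settings><implied_SPDO>1</implied_SPDO><implied_SPDO_timeout>60</implied_SPDO_timeout></ike_settings></connection>
      </connections>
    </ipsecvpn>
  </vpn>
</forticlient_configuration>"""

FLAG = "partial_configuration"        # assumed name of the 0/1 option near the top
TUNNELS = "vpn/ipsecvpn/connections"  # assumed location of the IPSec tunnels


def make_partial(full_xml, keep_names):
    """Return XML holding only the named IPSec tunnels, flagged as partial."""
    root = ET.fromstring(full_xml)
    conns = root.find(TUNNELS)
    if conns is None:
        raise ValueError("no IPSec connections section in export")
    wanted = [c for c in conns.findall("connection")
              if c.findtext("name") in keep_names]
    missing = set(keep_names) - {c.findtext("name") for c in wanted}
    if missing:
        raise ValueError(f"tunnel(s) not found: {sorted(missing)}")

    # Build a fresh tree so no unrelated setting or other tunnel is shipped.
    out = ET.Element(root.tag)
    ET.SubElement(out, FLAG).text = "1"
    parent = out
    for tag in TUNNELS.split("/"):
        parent = ET.SubElement(parent, tag)
    parent.extend(wanted)
    return ET.tostring(out, encoding="unicode")


if __name__ == "__main__":
    print(make_partial(SAMPLE_EXPORT, ["contractor-gw"]))
```

Import the result on a test client that already has other tunnels before distributing it, since whether the flag merges or replaces is exactly what the replies above disagree on.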