Individual Phase 2 up/down control option missing from WebUI

Forum|Forum|7 years ago
May 13, 2019
1 reply
4110 views

I've been migrating my FortiOS from 5.4 to 5.6 across my DCs and I've noticed that on 5.6 the WebUI, under IPsec Monitoring, I no longer have the option to 'Bring Up/Down' a specific Phase 2. You can only bring up the whole tunnel. I'm familiar with dropping a phase 2 at the command line, it was just much more convenient in the WebUI. Anyone know if this is in fact gone or if perhaps I just don't have my settings correct to see and administrate these phase 2 connections separate?

ede_pfau

SuperUser

In the IPsec monitor, enable the column "Phase 2 selectors". Then you can see and bring up/tear down individual phase2's, or even all at once.

But not on all multi-tunnel VPNs...one of mine will only show ONE single phase2. Turned out I had been lazy and configured 'named address' as selector, and used an address group. Less work but less control.

viccfleAuthor

New Member

Thanks for the response! Yes, most of our customers will have several proxy-id/encryption domains, so it was nice in 5.4 to have the ability to up/down a single connection on the WebUI within that tunnel without the potential of bouncing the whole tunnel affecting prod traffic. The CLI method definitely isn't as convenient.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded