SamuelRed
New Member
March 8, 2017
Question

Maximum Tunnel of IPSec Dialup


Hi All,

I have a challenge to secure automatic teller machines with FortiClient IPsec VPN. The concern is how many dialup IPsec tunnels 1 IKE profile (phase1-phase2) can handle. Let's say there are 2000 ATM units: is it possible to create and use just 1 IKE profile, or must I create several IKE profiles?

If I name the profile "atm", the first tunnel will be listed in the VPN monitor as atm_0, and the 2000th tunnel will be listed as atm_2000. Is that no issue?

Thanks in advance,

Samuel Redjono.

1 reply

ede_pfau
SuperUser
March 8, 2017

You've got to watch 2 limits:

- the complete name for an active tunnel is limited to 15 characters. So with just "atm_" plus a number you could in theory support 11 digits, like 99 billion connections (o-ha, I hope I get the calc right in my head)

- the receiving FGT has got a limit of how many IPsec tunnels are supported. Find this information in the "Maximum values matrix" on docs.fortinet.com.

- P.S. and there's another limit: as each new tunnel creates a new virtual interface, look up the max. number of interfaces supported by the hardware and FOS version.

I'd think you would need a mid-range FGT (FG-xxx) at least.

SamuelRed
Author
New Member
July 17, 2017

Hi ede_pfau,

Thanks for your reply...

Got it in the maximum values, about the max tunnels per 1 concentrator.

Thanks again and regards,

Samuel