Pablood
New Member
August 22, 2013
Solved

No IPSEC VPN Policy option with 5.0.4

We upgraded our Fortigate 60D to version 5.0.4, put it in "Interface Mode" and created 2 IPsec VPN tunnels with 2 phases OK to connect to our old Cisco router (using dial-up VPN). The problem is I can't create the VPN policy for IPsec; it only shows me the SSL VPN options. We have a 60C with 4.12 with this configuration working OK. Thanks in advance.

    5 replies

    abelio (Answer)
    SuperUser
    August 22, 2013
    Hi and welcome. By default, policy-based IPsec VPN is hidden from the web-based manager; you need to enable it first: System -> Config -> Features -> Show More -> Policy-based IPsec VPNs. Hope it helps.
    Issachar
    New Member
    February 17, 2016

    abelio wrote:
    Hi and welcome. By default, policy-based IPsec VPN is hidden from the web-based manager; you need to enable it first: System -> Config -> Features -> Show More -> Policy-based IPsec VPNs. Hope it helps.

    Sorry, I know this is a really old thread, but you just saved my day!!!

     

    I just created the forum account to say thank you!!! :D

    ede_pfau
    SuperUser
    February 18, 2016

    One piece of good advice: please do not revert to policy-based VPN! It has been superseded by the far more flexible interface-based or route-based VPN. Do yourself a favor and stick to the (now not so) "new" method. You will see what I mean if you have to debug the VPN.

     

    There are very few situations where you need to have a policy-based VPN, one being VPN on a transparent mode FGT/VDOM. Otherwise, I think, Fortinet would have dropped policy-based VPN a long time ago.

    Pablood (Author)
    New Member
    August 23, 2013
    Thanks Abel!!!!!
    Dipen
    New Member
    August 27, 2013
    In Interface Mode you have to configure it like normal firewall policies. VPN policies are required only in Tunnel Mode. Moreover, Interface Mode is recommended.
    bmotamed
    New Member
    April 20, 2015

    Hello,

    Trying to create an IPsec policy, the VPN tunnels do not appear in the drop-down menu list. When I tried to use the CLI, the VPN tunnels seem not to be in the database. However, my tunnels are brought up and the list name appears when I try list name on the CLI interface!

    Can anyone give me a solution?

    Thanks

    bmotamed
    New Member
    April 20, 2015

    My Fortigate is a 60B and the firmware is 4.0.

    abelio
    SuperUser
    April 20, 2015

    bmotamed wrote:

    My Fortigate is a 60B and the firmware is 4.0.

    Hi bmotamed,

    In this situation this thread doesn't apply to your scenario.

    Under FortiOS 4.0, route (or interface) VPN must be enabled explicitly under the advanced phase1 settings; if not, the VPN remains configured as 'policy based'.

    I guess that is your situation and you cannot see the VPN interface names in the drop-down list.

    If you use policy (or tunnel) based VPN, you'll only need one firewall policy internal->wan, with action=ipsec, to control the traffic in both directions.

    Hope it helps.


    bmotamed
    New Member
    April 20, 2015

    Yes, thank you Abel. I must reconfigure my VPN not in interface mode to see the tunnel in the firewall policy.