Fortios 5.2.5 policy-based IPsec VPN and WAN Link...

Cybersecurity Forum

This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.

I have a cluster of two fg80C fortios version 5.09, with some policy-based IPsec VPN's, working just fine. I will migrate to a fg100d cluster with fortios 5.2.5, all configuration works fine in the new 100D cluster, but I have a issue, I will change my wan1 interface policies to a WAN Link Load Balancing (two ISP providers, wan 1 & wan2, Weighted Round Robin method) to the new cluster but if I enable it, my policy-based IPsec VPN's can get configured , even via cli. I got Command fail. Return code -651.

"error:set interface wan1

node_check_object fail! for interface wan1"

value parse error before 'wan1'
Command fail. Return code -651

I don't now if this is a bug of firmware 5.2.5, or just WAN Link Load Balancing is not compatible with Policy-based IPsec VPN's.

notes:
-I will not upgrade to fortios 5.4, because it's so many bugs, and I don't now if firmware 5.2.6 solve my problem, any idea how to work-around with this issue, because i am already has a working environment with the cluster80c v5.09, i need the same configuration with the new 100d cluster and support it WAN Link Load Balancing.

202

0 REPLIES 0

Top Kudoed Authors

User

Count

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Fortios 5.2.5 policy-based IPsec VPN and WAN Link Load Balancing Interface incompatibility

Nominate a Forum Post for Knowledge Article Creation