
FortiOS 5.2.5 policy-based IPsec VPN and WAN Link Load Balancing Interface incompatibility

I have a cluster of two FG80C units on FortiOS version 5.09, with some policy-based IPsec VPNs, working just fine. I will migrate to an FG100D cluster with FortiOS 5.2.5. All configuration works fine in the new 100D cluster, but I have an issue: I will change my wan1 interface policies to a WAN Link Load Balancing interface (two ISP providers, wan1 & wan2, Weighted Round Robin method) on the new cluster, but if I enable it, my policy-based IPsec VPNs can't get configured, even via CLI. I got "Command fail. Return code -651".

"error:set interface wan1

node_check_object fail! for interface wan1"

value parse error before 'wan1'
Command fail. Return code -651

I don't know if this is a bug of firmware 5.2.5, or if WAN Link Load Balancing is just not compatible with policy-based IPsec VPNs.

I will not upgrade to FortiOS 5.4, because it has so many bugs, and I don't know if firmware 5.2.6 solves my problem. Any idea how to work around this issue? I already have a working environment with the 80C cluster on v5.09, and I need the same configuration on the new 100D cluster, with WAN Link Load Balancing supported.