rphulekar
Staff
Created on 06-18-2015 12:28 AM Edited on 05-26-2022 11:44 AM By Anonymous
Article Id
192851
Description
In FortiOS v5.2.x and 5.0.x, policy-based IPsec VPN is hidden in the GUI by default; it is disabled only as a GUI feature, not as a function. It can be configured from the CLI, or shown in the GUI by enabling the feature. Once enabled, IPsec tunnels can be selected directly in a firewall policy (action "ipsec").
Solution
To enable this feature from the CLI (disabled by default):

config system global
    set ?                               ==> lists the available global settings
    set gui-policy-based-ipsec enable
end                                     ==> saves the changes
Refer to the appropriate FortiOS CLI Reference Guide in the Fortinet Document Library for more information.

It can also be enabled in the GUI as follows:

Go to System > Features > click the small pencil icon > Show More > enable Policy-based IPsec VPN > click Apply to save the changes.

Then go to VPN > IPsec > Create New > in Phase 1, disable "IPsec Interface Mode" > configure Phase 1 and Phase 2.

Then go to Firewall Policy > Create New > select VPN > select IPsec > configure the policy accordingly:
A fully configured policy-based IPsec VPN firewall policy will look as below:

config firewall policy
    edit 2
        set srcintf "internal"
        set dstintf "wan2"
        set srcaddr "all"
        set dstaddr "all"
        set action ipsec                <-- policy action is "ipsec" instead of accept/deny
        set schedule "always"
        set service "ALL"
        set inbound enable              <-- allow traffic initiated from the remote end of the tunnel
        set outbound enable             <-- allow traffic initiated from the local side
        set vpntunnel "testTunnel"      <-- name of the Phase 1 created above
    next
end
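As an added example (not part of the original article or of FortiOS itself), the following Python script parses a FortiOS-style configuration export and checks that a policy-based IPsec setup has the pieces the article describes: the global gui-policy-based-ipsec setting, and for every policy with action ipsec, a vpntunnel reference and at least one of inbound/outbound enabled. It also flags all/all address objects as something to review. The parser is a minimal one written for this example (flat config/edit/set/next/end blocks only), and the sample configuration is constructed here: policy 2 mirrors the article, and policy 3 is deliberately missing its tunnel to show what the check reports.

```python
import re

# Constructed sample config, modelled on the article's fragments.
# Policy 2 is the article's complete policy; policy 3 is intentionally incomplete.
SAMPLE_CONFIG = """\
config system global
    set gui-policy-based-ipsec enable
end
config firewall policy
    edit 2
        set srcintf "internal"
        set dstintf "wan2"
        set srcaddr "all"
        set dstaddr "all"
        set action ipsec
        set schedule "always"
        set service "ALL"
        set inbound enable
        set outbound enable
        set vpntunnel "testTunnel"
    next
    edit 3
        set srcintf "internal"
        set dstintf "wan2"
        set srcaddr "all"
        set dstaddr "all"
        set action ipsec
        set schedule "always"
        set service "ALL"
    next
end
"""


def parse_fortios(text):
    """Parse flat FortiOS config blocks into {section: {entry_id: {key: value}}}.

    Sections without 'edit' entries (e.g. 'system global') are stored under
    the entry id None. Nested 'config' blocks inside an 'edit' are not handled;
    that is enough for the fragments used in the article.
    """
    sections = {}
    section = None
    entry = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        keyword, _, rest = line.partition(" ")
        if keyword == "config":
            section = rest.strip()
            sections.setdefault(section, {})
            entry = None
        elif keyword == "edit":
            entry = rest.strip().strip('"')
            sections[section].setdefault(entry, {})
        elif keyword == "set":
            key, _, value = rest.strip().partition(" ")
            # Strip surrounding quotes from values such as "internal" or "ALL".
            sections[section].setdefault(entry, {})[key] = value.strip().strip('"')
        elif keyword == "next":
            entry = None
        elif keyword == "end":
            section = None
            entry = None
    return sections


def audit_policy_based_ipsec(config):
    """Return a list of human-readable findings for policy-based IPsec policies."""
    findings = []
    glob = config.get("system global", {}).get(None, {})
    if glob.get("gui-policy-based-ipsec") != "enable":
        findings.append("system global: gui-policy-based-ipsec not enabled; "
                        "policy-based IPsec will be hidden in the GUI")
    for pid, pol in config.get("firewall policy", {}).items():
        if pol.get("action") != "ipsec":
            continue  # only policy-based IPsec policies are of interest here
        if not pol.get("vpntunnel"):
            findings.append(f"policy {pid}: action ipsec but no vpntunnel set")
        if pol.get("inbound") != "enable" and pol.get("outbound") != "enable":
            findings.append(f"policy {pid}: neither inbound nor outbound enabled; "
                            "no traffic will use the tunnel")
        if pol.get("srcaddr") == "all" and pol.get("dstaddr") == "all":
            findings.append(f"policy {pid}: srcaddr/dstaddr are 'all'; "
                            "consider narrowing to the tunnel's subnets")
    return findings


if __name__ == "__main__":
    for finding in audit_policy_based_ipsec(parse_fortios(SAMPLE_CONFIG)):
        print(finding)
```

Run against a real `show full-configuration` export the parser would need extending for nested blocks, but the audit logic stays the same: every policy with action ipsec must name a tunnel and pass traffic in at least one direction, or the VPN is configured but carries nothing.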