FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
achu
Staff
Staff
Article Id 346695
Description

This article describes the change in IPSec VPN default settings starting version 7.6.0 using VPN Creation Wizard.

Scope FortiOS.
Solution

In the previous version when creating a VPN tunnel between FortiGate automatically works after creating the tunnel via the wizard.

 

When users create an IPSec VPN using the VPN Creating Wizard, it is impossible to view the phase 1/phase2 proposals and IKE version in the GUI, select 'Convert To Custom Tunnel' to view and modify the settings in the GUI.

 

vpn 1.png

 

In 7.4.5 or lower versions, the default IKE version is 1.

 

vpn2.png

 

In v7.6.0, the default IKE version is 2, this setting can be viewed and modified in the VPN wizard.


vpn3.png

 

Alternatively, it is possible to confirm what is the IKE version of the IPsec via CLI without converting to custom tunnel:

 

show full vpn ipsec phase1-interface <Phase1_name> | grep -i ike