Description
This article describes the multiple options to configure phase2 selectors on VPN IPsec.
Scope
FortiOS 7.0, 7.2 and 7.4.
Solution
- During Phase 2 selectors you have the next option to configure the source and destinations.
Below is the way to configure each of these options:
- Subnet: Allow to configure a subnet, which can be a default subnet or a specific subnet.
- IP Range: Allow to configure a range of IP addresses in case it is desired to allow a specific host to send traffic over VPN IPsec that owns the same LAN.
- IP Address: Allow to configure a specific IP address.
- Named Address: Allow to set the next address objects:
Subnet.
IP Range.
Address Group.
Note: It is important to mention that FQDN is supported on the Address group, however, VPN IPsec does not support FQDN objects as named addresses. Therefore, if adding a FQDN object on the Address Group, the address group will not be available on the phase2 selector as below:
